Who  wants  to  be  an  entrepreneur?  one  week  ien  IP  call  centers  VoIP  lets  companies  bring 

to  take  your  shot  at  winning  $30,000  in  cash  and  services.  Contest  details  on  PAGE  1 0.  the  contact  center  to  home  workers.  PAGE  69. 
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Cisco’s 
WLAN  plan 
has  landed 


N+l  spotlights  security 
and  apps  management 


■  BY  DENISE  DUBIE 

A  mix  of  new  and  established 
companies  this  week  will  use 
NetWorld+Interop  Las 
Vegas  2004  to  launch  a 
slew  of  management  pro¬ 
ducts,  many  aimed  at  helping 
businesses  safeguard  networks 
and  applications  against  worms 
or  other  attacks. 

Fresh  off  a  week  in  which  the 
See  Management,  page  106 


More  Interop  news 

■  Start-up  targets  denial-of- 
service  attacks.  Page  12. 

■  MCI  rolling  out  VoIP 
over  DSL.  Page  12. 

■  Vanguard  tackles 
VoIP,  apps  performance  man¬ 
agement.  Page  40. 

■  For  online  coverage  go  to 
www.nwfusion.com, 

DocFinder:  1969 
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■  BY  JOHN  COX 

Cisco’s  idea  seems  simple 
enough:  Save  time  and  money  on 
building  an  enterprise  wireless 
LAN  by  plugging  new  modules 


■  Wireless 
network 
advances 
aplenty  at 
Interop. 
Pages  13 
and  24. 


into  Catalyst  6500  switches  that 
exploit  the  wireline  infrastructure. 

However,  rivals  and  some  Cisco 
switch  users  say  the  new  WLAN 
blade  and  other  wireless  prod¬ 
ucts  announced  last  week  are 
too  late.They  also  chide  Cisco  for 
lagging  on  radio  frequency  man¬ 
agement,  failing  to  simplify  ac¬ 
cess  point  management  and 
charging  too  much. 

Cisco’s  latest  announcement 
fleshes  out  the 
company’s 
Structured  Wire¬ 
less  Aware  Net¬ 
work  (SWAN) 
strategy,  an¬ 
nounced  nearly  a 
year  ago.  The  basic  idea,  which 
Extreme  Networks  and  Foundry 
Networks  also  are  pursuing,  is  to 
add  a  range  of  mobility  and 
WLAN  features  to  existing  wire- 
line  switches,  instead  of  adding 
dedicated  WLAN  switches  to  the 
network. 

Sales  of  WLAN  switches,  though 
barely  $13  million  in  the  fourth 
quarter,  are  on  the  rise,  according 
to  Infonetics  Research.  Fourth- 
quarter  sales  topped  the  previous 
quarter’s  numbers  by  51%,  the  re¬ 
search  firm  says. 

Cisco  announced  its  WLAN 
Services  Module  that  fits  into 
the  Catalyst  6500,  a  new  version 
See  Cisco,  page  14 


I A  Wider  Net 

Inside  MIT’s  new  geek  lair 

Robots  roam  and  nostalgia  subsides;  building 
design  attracts  ‘collisions  of  people  by  accident' 

■  BY  ANN  BEDNARZ 

AMBR1DGE,  MASS.  —  According  to  legend,  when  re¬ 
searchers  working  out  of  Building  20  at  the  Massachusetts 
Institute  of  Technology  needed  to  run  wires  between  lab¬ 
oratories,  they’d  grab  a  broom  and  drive  the  handle  through  the 
building's  interior  walls  to  make  the  necessary  connections. 

That’s  the  kind  of  place  Building  20  was.  A  beater.  An  unpre¬ 
tentious  container  for  unbridled  scientific  experimentation.  MIT 
constructed  Building  20  in  1943  in  the  northeast  corner  of  its 

See  MIT,  page  104 
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Peer-to-peer  is  clearly  a  problem. 

lake  a  close  look  at  the  serious  security,  infrastructure  and  legal  liability  threats  P2P  file  sharing  poses  to  your  organization. 
Reduce  your  risk  with  Websense  Enterprise®.  Block  access  to  P2P  protocols,  sites  and  applications  with  the  only  software  that  offers 
end-to-end  policy  control  to  effectively  eliminate  P2P  security  breaches 
and  other  dangers.  Stay  focused  on  the  P2P  solution  with  a 
free  white  paper  and  assess  your  risks  at  www.websense.com/p2p. 
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1  Exclusive 

Network  World  Radio 

Network  World  Lab  Alliance  partner  Rodney  Thayer  discusses  the  state  of 
802.1X,  an  authentication  standard  that's  gaining  traction  in  wireless 
networks  DocFinder:  1962 

NetWorld+Interop  2004  Show  Planner 

Heading  to  Vegas?  Get  the  heads-up  on  the  best  keynote  addresses, 
sessions  and  events  so  you  can  make  the  most  of  your  time  at  this 
week  s  show  DocFinder:  1963 

Face-Off:  Is  a  unified  WLAN  approach  better 
than  an  overlay? 

Two  industry  insiders  debate  whether  Wi-Fi  should  be  deployed  as  an 
extension  of  the  wired  LAN.  Read  their  views,  then  jump  in  with  your 
opinion  in  our  forum.  DocFinder:  1821 

NW200  Compare-o-matic 

If  you  can't  get  enough  of  the  facts  and  figures  of  the  Network  World 
200  companies,  head  online  where  you  can  compare  companies  head 
to  head  in  20  categories.  DocFinder:  1738 

j  Seminars  and  Events 

Are  you  totally  secure  in  your  enterprise 
security  management? 

Are  you  managing  your  network  as  a  security  intelligence  asset?  Find 
out  how  and  get  the  answers  you  need  at  Enterprise  Security: 

Fail-Safe  Architecture,  a  new  Network  World  Technology  Tour  Event. 
Click,  qualify  and  attend  free. 

DocFinder:  1856 
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Small  Business  Tech 

Growing  like  a  weed 

Columnist  James  Gaskin  explains  how  a  lawn  maintenance 
company  uses  iPaqs  to  expand  without  increasing  staff. 

DocFinder:  1966 

HomeLAN  Adventures 

Charter's  PVR  service  disappoints 
Senior  Editor  of  Product  Testing  Keith  Shaw  on  how  the  unim¬ 
pressive  PVR  affected  his  wireless  router  plans. 

DocFinder:  1967 

Weblogs 

Security  Notes 

Senior  Editor  Ellen  Messmer  looks  at  the  Department  of 
Defense's  long-awaited  policy  on  wireless  and  what  that 
means  for  the  industry.  DocFinder:  1964 

Layer  8:  IT  nightmares  contest 

Sure,  you've  brought  work  home,  but  has  it  ever  crept  into 
your  bedroom  and  invaded  your  subconscious  in  the  middle 
of  the  night?  Send  us  your  best  IT-related  nightmare  by 
Friday,  May  14,  and  you  could  win.  DocFinder:  1965 
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Go  online  for  breaking  news  every  day.  DocFinder  6342 
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Sign  up  for  any  of  more  than  40  newsletters  on  key  network  topics. 
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The  Wi-Fi  security  standards  shuffle 

■  Two  key  improvements  for  the  security  and  performance  qual¬ 
ity  of  Wi-Fi  devices  are  scheduled  to  reach  wireless  network  users 
this  year. The  Wi-Fi  Alliance  says  it  will  certify  products  for  the  new 
802.1  li  and  802.1  le  standards  by  September. The  802.1  li  standard 
is  the  complete  version  of  the  preliminary  security  standard  Wi-Fi 
Protected  Access  introduced  last  year, while  802. 1  le  is  a  new  stan¬ 
dard  designed  to  improve  the  quality  of  wireless  networks  that 
transmit  voice  and  video.  Security  has  been  one  of  the  biggest 
obstacles  to  the  growth  of  wireless  networking.  Last  year,  WPA 
replaced  the  flawed  Wired  Equivalent  Privacy  protocol  to  shore 
up  wireless  security  before  the  full  802.1  li  standard  could  be  rati¬ 
fied.  WPA  uses  a  dynamic  encryption  key  as  opposed  to  the  static 
key  WEP  used,  and  it  improves  the  user  authentication  process. 
The  802.1  li  standard  adds  Advanced  Encryption  Standard  tech¬ 
nology,  a  stronger  level  of  security  than  used  in  WPA.  Corporations 
and  governments,  which  need  the  highest  level  of  security  avail¬ 
able,  might  have  to  replace  some  of  their  network  equipment  to 
support  AES. 

AT&T  in  local  hot  water 

■  Qwest  last  week  filed  suit  against  AT&T,  claiming  its  rival  carried  some  part  of  phone 
calls  over  the  Internet  in  an  effort  to  avoid  paying  tens  of  millions  of  dollars  in  access 
fees.  Last  month,  SBC  filed  a  similar  suit  against  the  carrier, saying  it’s  owed  $141  million 
in  access  fees.  Instead  of  using  local  carriers  to  complete  long-distance  calls,  AT&T  put 
these  calls  over  the  Internet  at  some  point  to  avoid  paying  tariffed  access  fees  to  them, 
the  local  exchange  carriers  say. The  suit  is  based  on  the  fact  that  the  FCC  rejected  a  bid 
from  AT&T  suggesting  it  pay  lower  access  fees  for  calls  that  travel  over  the  Internet.  But 
the  FCC  did  not  say  that  AT&T  is  required  to  pay  LECs  retroactively  for  past  traffic  han¬ 
dled  in  this  manner.  Instead  the  government  agency  said  the  courts  would  look  at  each 
case  individually. 

ASP  consolidation  continues 

■  Enterprise  application  hosting  company  Surebridge  last  week  said  it  will  sell  itself  to 
fellow  application  service  provider  NaviSite  for  about  $54  million. The  acquisition  con¬ 
tinues  a  consolidation  trend  in  the  managed  applications  and  infrastructure  market: 
Both  NaviSite  and  Surebridge  bulked  up  by  buying  smaller  rivals.  NaviSite  is  a  survivor 
of  the  dot-com  meltdown.  Started  by  incubator  CMGI  in  1997,  Surebridge  came  close  to 
running  out  of  money  before  being  saved  by  loans  and  restructuring.  However,  com- 

COMPENDIUM 

Neighborly  Wi-Fi 

Paul  Callahan  reports  how  an  acquaintance  deals  with  Wi-Fi  interference  from  the 
neighbors:  ‘He  logs  in  to  his  neighbor's  Linksys  access  point,  enters  the  default  pass¬ 
word  and  changes  the  [access  point's]  channel.  That  solves  the  problem,  and  his  neigh¬ 
bor  doesn't  even  know  it!’’  Read  more  at  www.nwfusion.com,  DocFinder:  1956. 


Spam  plan.  Microsoft  last  week  said  it  is  using  a  system  that  identifies 
legitimate  e-mail  senders  by  requiring  them  to  pass  rigid  qualifications  and  plunk 
down  a  bond  that  can  be  debited  if  they  misbehave.  The  goal  of  using  the  system, 
developed  by  IronPort  Systems,  is  to  enable  desirable  e-mail  to  get  around  filters 
designed  to  block  unwanted  messages. 

Spyware  vs.  spyware.  oni»  m  of 

employees  who  access  the  'Net  at  work  say  they  have 
ever  visited  a  Web  site  containing  spyware,  but  92% 
of  IT  managers  estimate  that  their  organization  has 
been  infected  by  spyware,  according  to  the  latest 
Websense  Web  @ Work  study.  The  survey,  conducted 
by  Harris  Interactive,  tapped  500  U.S.  employees  by 
phone  and  350  IT  managers  online. 


Bill  gets  slapped,  eai  Gates  is 

$800,000  poorer  as  a  result  of  a  federal 
government  fine  for  a  securities  violation  involving 
anti-trust  matters  unrelated  to 
Microsoft.  Of  course,  that's 
chicken  feed  for  the  man  Forbes 
lists  as  the  richest  person  on 
the  planet,  with  a  net  worth  of 
$46.6  billion.  > 
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bined  with  Surebridge,  NaviSite  will  have  more  than  $30  million  in  revenue  each  quar¬ 
ter,  the  company  said. 

Siebel  GEO  makes  room  for  Big  Blue  exec 

■  Siebel  Systems  founder  Tom  Siebel  stepped  down  as  CEO  last  week  to  make  room  for 
25-year  IBM  veteran  Mike  Lawrie,  who  most  recently  headed  Big  Blue’s  sales  and  distribu¬ 
tion  operations.  Siebel  remains  the  company’s  chairman.  Industry  watchers  called  the 
executive  change  a  shock,  but  a  welcome  one.The  CRM  software  maker  still  holds  the  lead 
in  market  share,  but  the  vendor’s  growth  slowed  in  recent  years  as  it  confronted  a  down¬ 
turn  in  software  buying  and  increased  competition  from  SAP  PeopleSoft  and  Oracle. 
Someone  new  with  a  fresh  approach  to  sales  is  a  good  thing  for  Siebel,  analysts  say 

Phishing  getting  foul 

■  A  new  Gartner  study  found  that  the  number  of  online  scams  known  as  “phishing 
attacks”  have  spiked  in  the  last  year  and  that  online  users  are  frequently  tricked  into 
divulging  sensitive  information  to  criminals. The  study,  which  ended  in  April,  surveyed 
5,000  adult  Internet  users  and  found  that  about  3%  reported  giving  up  financial  or  per¬ 
sonal  information  after  being  drawn  into  a  phishing  scam,  which  uses  email  messages 
and  Web  pages  designed  to  look  like  correspondence  from  legitimate  online  business¬ 
es.  The  results  suggest  that  as  many  as  30  million  adults  have  experienced  a  phishing 
attack  and  that  1.78  million  could  have  fallen  victim  to  the  scams,  Gartner  said.  ISPs 
need  to  address  the  phishing  problem  to  prevent  the  Internet  and  e-mail  from  being 
discredited  as  media  for  customer  transactions,  Gartner  said. 

Outsourcing  the  business  process 

■  Spending  on  business-process  outsourcing  services  will  continue  to  increase  in  com¬ 
ing  years,  but  so  will  clients’  expectations  for  the  quality  and  breadth  of  vendors’ offerings, 
according  to  an  IDC  study  released  last  week.  Worldwide  spending  on  BPO  services 
reached  $405  billion  in  2003,  an  increase  of  about  8%  from  2002.  Revenues  are  expected 
to  grow  at  a  compound  annual  rate  of  1 1%  through  2008,  when  they  will  total  $682.5  bil¬ 
lion,  according  to  IDC.  In  a  BPO  engagement,  a  company  hands  over  an  entire  business 
process  or  function  to  an  external  services  provider. This  contrasts  with  traditional  IT  out¬ 
sourcing  engagements,  which  involve  the  transfer  of  an  IT  task  or  process.  Fueling  the 
demand  for  BPO  services  are  companies’ desire  to  reduce  costs,  focus  on  their  core  busi¬ 
ness,  obtain  new  expertise,  and  increase  efficiency  and  productivity,  IDC  said. 


Move  to  the  IP  beat  with  converged  voice  equipment  from  Sprint 

The  new  portfolio  of  Sprint  business  communications  systems  can  help 
put  your  business  in  the  IP  groove.  Fabulously  future-ready  and  totally 
customer-centric,  this  equipment  can  give  you,  your  management  and  even 
your  finance  team  reason  to  dance.  Contact  us  today  to  learn  more  and  to 
locate  a  Sprint  Authorized  Dealer  near  you. 


sprint.com/equipment 
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Microsoft,  partners  tune  Web  services 


Picture  this 

Microsoft  and  its  partners  have  proposed  a  specification 
to  make  it  easier  to  add,  find  and  use  devices  on  a  net¬ 
work.  The  first  version  of  the  Devices  Profile  focuses  on 
printing  and  imaging  devices,  which  are  expected  to  be 
purchased  by  the  millions  each  year. 


Products 

2004 

2005 

Compounded  annual 
growth  rate (2004-2008) 

Inkjet  printers 

62.5 

63.3 

1.2% 

Laser  printers 

11.7 

12.3 

4.8% 

Scanners 

43.1 

46.9 

9% 

SOURCE:  IN-STAT/MOR 


■  BY  JOHN  FONTANA 

SEATTLE  —  Microsoft  and  its 
partners  are  using  groups  of  Web 
services  protocols  to  develop 
specifications  that  support  re¬ 
mote  management  of  servers  and 
a  plug-and-play  method  for  con¬ 
necting  devices  to  a  network. 

The  specifications  are  designed 
to  make  it  easier  for  IT  to  upgrade 
and  manage  networks.  For  exam¬ 
ple,  a  printer  could  be  added  to  a 
network  and  made  available  to 
desktops  without  having  to  install 
client  software. 

Last  week  at  its  13th  annual 
Windows  Hardware  Engineering 
Conference  (WinHEC), Microsoft 
introduced  Web  services  for 
Management  Extension  for  Win- 


SEATTLE  —  Microsoft  next 
year  will  plug  the  gap  between 
versions  of  its  server  software 
with  the  release  of  an  update  for 
Windows  Server  2003  —  a  move 
that  might  offer  some  measure  of 
relief  for  corporations  with  annu¬ 
ity  licensing  contracts. 

The  update  will  come  between 
the  release  last  year  of  Win  2003 
and  the  expected  arrival  of  its 
successor,  Longhorn  Server, 
potentially  in  2007. 

The  Win  2003  Update  might 
help  spark  renewals  and  new 
sign-ups  for  Microsoft’s  Software 
Assurance  software  maintenance 
program.  Key  to  the  two-  and 
three-year  Software  Assurance 
contracts  is  access  rights  to  the 
latest  software  upgrades. 

Next  year,  Win  2003  will  be  2 
years  old,  and  Longhorn  Server 
won’t  be  available  potentially  for 
another  two  years  or  more. 

“A  lot  of  customers  are  saying 
'Wait,  1  spent  a  lot  of  money  on 
Software  Assurance, and  what  did 
1  get  for  my  money?”’  says  Laura 
DiDio.an  analyst  with  The  Yankee 
Group. 

The  server  update  also  will 


■  Read  about  Microsoft's 
problems  with  its  channel 
partners.  PAGE  33. 


dows  Server  and  Devices  Profile 
for  Web  services. 

The  specifications  provide  a 
glimpse  of  how  Microsoft  plans  to 
make  it  easier  for  IT  to  support 
connectivity  and  services  across 
the  Windows  platform  of  clients, 
devices  and  servers  in  its  future 
operating  systems  starting  with 
Longhorn.  Longhorn  is  slated  for 
release  in  2006. 

“Web  services  are  the  next  1R 
the  next  layer  of  functionality  in 
the  network  stack  that  you  do 
not  want  to  reinvent,”  says  Jeff 
Schlimmer,  program  manager  for 
advanced  Web  services  at 
Microsoft. 

Both  specifications  are  unique 
undertakings  for  Microsoft  in 
that  the  protocols  can  be  used 


align  security  features  between 
the  client  and  server  operating 
systems  and  include  a  handful  of 
upgrades  and  tool  enhance¬ 
ments  for  Active  Directory 

At  its  13th  annual  Windows 
Hardware  Engineering  Confer¬ 
ence,  Jim  Allchin,  Microsoft’s 
group  vice  president  in  the  plat¬ 
forms  group,  said  Win  2003  Up¬ 
date,  known  internally  as  R2,  will 
align  the  server  with  security 
enhancements  that  are  part  of 
the  forthcoming  Windows  XP 
Service  Pack  2,  specifically  its  per¬ 
sonal  firewall. 

Allchin  said  the  server  upgrade 


with  non-Windows  platforms. 

“Web  services  will  have  a  key 
role  [in  the  future],”  said  Bill 
Gates,  chief  software  architect  for 
Microsoft.  “It  will  be  the  primary 
device  connectivity  in  Longhorn.” 

Microsoft  highlighted  that  fact 
by  introducing  the  Devices  Pro¬ 
file  specification  it  co-authored 
with  Intel,  Lexmark  and  Ricoh. 
The  specification  details  how 
devices  such  as  printers,  imag¬ 
ing  hardware  and  eventually 
mobile  phones  and  other  hand¬ 
helds  could  use  Web  services  to 
signal  they  are  connected  to 
the  network,  as  well  as  to  adver¬ 
tise  their  services  and  use  other 
services.  Clients  could  attach  to 
the  devices  over  a  network 
without  having  to  install  drivers 


highlight  is  the  concept  of  “isola¬ 
tion.”  He  compared  the  technol¬ 
ogy  to  the  personal  firewall,  say¬ 
ing  that  before  a  laptop  could 
connect  to  a  network,  it  would  be 
put  in  isolation  and  run  through  a 
series  of  IT-configurable  tests. The 
tests  would  check  for  things  such 
as  missing  system  updates  or  anti¬ 
virus  signatures. 

Microsoft  would  not  provide 
any  other  details  on  the  server 
update  but  said  that  it  would 
clarify  its  server  road  map  in  the 
coming  weeks.  In  addition  to  the 
Win  2003  update,  Microsoft  also 
plans  to  release  in  2005  a  version 
of  Windows  Storage  Server,  code- 
named  Storm.  ■ 


or  other  software. 

“The  big  story  with  laptops  that 
are  occasionally  connected  to 
the  enterprise  is  that  users  have 
problems  accessing  printers,  and 
knowledge  management  and 
other  software,” says  Jason  Bloom¬ 
berg,  an  analyst  with  ZapThink. 
“Often  those  users  are  limited  to 
getting  on  the  intranet.” 

Microsoft  and  its  partners  plan 
to  submit  Device  Profile  this  fall 
to  the  Universal  Plug  and  Play 
Forum  for  consideration  as  the 
foundation  for  the  UPnP  2.0 
Device  Architecture. 

Microsoft  also  introduced  the 
Network  Connected  Device 
Driver  Development  Kit,  for  cus¬ 
tomers  who  want  to  implement 
Devices  Profile  and  hook  it  to  the 
current  Windows  Plug  and  Play 
subsystem. 

Conspicuously  absent  from  the 
effort  is  HR  the  world’s  largest 
printer  manufacturer. 

“We  see  a  role  for  all  devices 
to  be  on  the  network,  and  Web 
services  will  provide  that  capa¬ 
bility”  says  Joe  Keller,  product 
manager  for  HP“But  we  want  to 
see  the  Devices  Profile  specifi¬ 


cation  in  a  standards  body  so 
everyone  has  equal  say  in  the 
way  it  is  developed.” 

Devices  Profile  relies  on  a  col¬ 
lection  of  existing  Web  services 
protocols  Microsoft  is  developing 
with  its  partners,  including  WS- 
Discovery,  WS-Addressing,  WS- 
Eventing  and  WS-Fblicy 

“We  are  bringing  Web  services 
to  the  devices  side  so  [those  de¬ 
vices]  can  communicate  with  the 
Web  services  infrastructure,”  said 
Peter  McKiernan,  lead  product 
manager  in  the  Developer  and 
Platform  Evangelism  group  at 
Microsoft.'This  is  a  way  to  reduce 
some  of  the  headaches  IT  faces 
when  they  work  with  devices.” 

Devices  Profile  will  be  sup¬ 
ported  in  Indigo,  the  services  bus 
technology  under  development 
for  Longhorn.  And  Longhorn’s 
user  interface  will  have  a  hard¬ 
ware  and  devices  folder  that  will 
include  devices  found  on  the  net¬ 
work  through  Device  Profile. 

Device  Profile  is  not  the  first 
specification  of  its  kind.  Java  has 
Jini  for  connecting  devices,  but  it 
requires  that  every  device  have  a 
Java  Virtual  Machine.  ■ 
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Have  an  idea  fora  new  product,  service  or  company?  Introducing 
“Who  Wants  to  be  an  Entrepreneur?"  a  contest  developed  by 
Network  World  in  conjunction  with  venture  capital  firm 
Commonwealth  Capital  of  Wellesley,  Mass.,  and  sponsored  by 
public  relations  firm  fama  PR,  service  provider  Qwest 
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We’ll  give  the  winner  $30,000  in  cash  and  paid-in-kind  professional 
services,  coverage  in  Network  World  and  a  chance  to  rub  elbows 
with  other  entrepreneurs  at  NetworkWorld's  annual  Demo 
conference  and  exhibition  in  Scottsdale,  Ariz. 
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access  the  entry  form,  which  must  be  returned  by  midnight  May  17, 


Microsoft  slates  Windows 
Server  update  for  2005 
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Sasser  worm  exposes 
patching  failures 


■  BY  ELLEN  MESSMER 

Organizations  that  evaded  last  week’s 
Sasser  worm  infestation  credited  vigilant 
patching  processes  and  preventative  mea¬ 
sures  such  as  installing  server-based  behav¬ 
ior-blocking  software  and  worm  filtering 
gateways. 

Anti-virus  software,  on  the  other  hand, 
was  of  limited  use  in  stopping  the  four 
known  variants  of  Sasser  because  the 
worm  could  reinfect  machines  even  with 
the  most  up-to-date  virus  signatures,  says 
Vincent  Gullotto,vice  president  at  Network 
Associates’ Avert  Labs.“Ifyou  don’t  have  the 
[Windows]  patch  in  place,  this  can  hap¬ 
pen,”  he  says. 

According  to  Mikko  Hypponen,  head  of 
anti-virus  research  at  F-Secure  in  Helsinki, 
Finland,  the  Sasser  worm  variants  don’t 
delete  files  or  leave  Trojans.  This  makes  it 
a  fairly  benign  worm  and  a  lot  like  the 
Blaster  worm  of  last  August.  Like  Blaster, 
damage  stems  from  Sasser’s  intense  net¬ 
work  scanning,  which  can  paralyze  net¬ 
works  (see  graphic). 

Among  those  experiencing  Sasser’s  sting 
last  week  were  American  Express,  Gold¬ 
man  Sachs,  Air  Canada,  British  Airways, 
Germany’s  Deutsche  Fbst,  the  European 
Commission  and  several  schools, including 
the  University  of  California,  Irvine  and 
University  of  Massachusetts  at  Amherst. 

“It  affected  some  of  our  support  systems 
and  caused  a  degree  of  disruption  inter¬ 
nally’  says  Lucas  Banpraag,  a  Goldman 
Sachs  spokesman.  “It  delayed  processing 
of  some  orders.” 

The  Sasser  worm  infested  the  financial 
firm’s  network  a  week  after  hitting  its 
offices  in  Asia. Goldman  Sachs  is  reviewing 
how  it  prioritizes  patch  management  and 


wants  better  guidance  from  Microsoft,  the 
spokesman  says. 

Microsoft  had  made  the  patch  available 
more  than  two  weeks  ago  for  the  so-called 
Local  Security  Authority  Subsystem  Ser¬ 
vice  (LSASS)  vulnerability  that  Sasser 
exploits,  giving  it  a  critical  rating. 

But  the  sheer  size  of  some  organizations 
makes  it  hard  for  them  to  patch  all  systems, 
says  Alfred  Huger,  senior  director  of  engi¬ 
neering  for  security  response  at  Symantec. 

Wolters  Kluwer,  an  18,500-employee  firm 
in  Amsterdam  that  provides  legal  informa¬ 
tion  services,  got  hit  with  Sasser. 

“It  was  only  half  a  dozen  PCs  out  of  hun¬ 
dreds,”  says  Mike  Antico,CTO  for  the  firm’s 
North  American  divisions.“How  did  these 
people  escape  being  patched?  We  think 
it’s  because  they  bring  in  portable 
computers.” 

Many  corporations  test  patches  before 
applying  them  to  machines,  particularly 
critical  servers,  so  the  larger  the  organiza¬ 
tion,  the  harder  it  is  to  go  through  this  pro¬ 
cess  before  a  worm  appears  to  take  advan¬ 
tage  of  a  newly  identified  hole. 

Companies  say  they  are  turning  to  other 
defensive  measures  above  and  beyond 
simply  patching.  One  of  these  is  behavior- 
based  software  that  blocks  worms  and 
other  types  of  attacks  by  recognizing  suspi¬ 
cious  activity 

“OurWindows  environment  was  patched 
within  three  days  of  the  released  [LSASS] 
patch,  except  for  one  server  where  a  criti¬ 
cal  system  needed  to  be  regression-tested 
longer;”  says  Eben  Barry  manager  of  IT 
operations  at  Network  Health,  a  Medicaid 
insurance  provider  in  Cambridge,  Mass. 
Luckily,  this  time  the  delay  did  not  result  in 
an  infection. 

See  Sasser,  page  15 


Sasser  strikes 


■  HOW  IT  WORKS 


Sasser  is  similiar  to  an  earlier  worm,  Blaster,  because 
users  do  not  need  to  receive  e-mail  or  open  a  file  to  be 
infected.  Instead,  just  having  a  vulnerable  Windows 
machine  connected  to  the  Internet  is  enough  to  get  stung. 
Here’s  how  it  works: 


o  ©  © 


Windows  2000  or  XP  machine  Unpatched  Windows  machine 


Q  An  infected  Windows  XP  or  2000  machine  spawns  128  threads  that  scan  random  IP  addresses  for  exploitable 
systems.  Specifically,  it’s  looking  for  a  vulnerable  component  of  Windows  called  the  LSASS.  Microsoft  released  a 
patch,  MS04-11,  on  April  12. 

©  Once  a  vulnerable  system  is  found,  the  worm  creates  a  script  and  executes  it  This  script  instructs  the  system  to 
download  and  execute  the  worm  from  the  infected  host  The  newly  infected  system  accepts  this  FTP  traffic  on  TCP 
Port  5554. 

©  The  newly  infected  machine  then  fires  off  its  own  set  of  scanning  threads.  The  traffic  generated  by  all  these  threads 
can  slow  and  disrupt  network  performance. 
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That  fast. 


BrightStor®  ARCserve® 
Backup  Release  11 

Faster  than  ever. 

BrightStor  ARCserve 
Backup  Release  11 
features  the  very  latest 
in  storage  innovations. 
As  a  result,  it's  faster 
and  easier  than  ever, 
enhancing  both  efficiency  and  productivity. 
So  you  can  be  confident  your  files  are 
properly  backed  up  and  will  easily  be 
restored  should  a  disaster  occur.  For  more 
information,  go  to  ca.com/storage/arcserve. 


FREE 

TRIAL 


FreeTrial  of  BrightStor 
ARCserve  Backup  Release  11. 
Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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MCI  rolls  out  VoIP  over  DSL 

Offering  targeted  at  small  offices. 


SB  BY  DENISE  PAPPALARDO 

MCI  is  set  to  launch  aVoIP-over- 
DSL  service  it  says  could  save 
small  offices  money. 

Slated  to  be  announced  this 
week  at  NetWorld+Interop,  MCI 
Advantage  over  DSL  is  designed 
to  let  businesses  with  up  to  60 
users  at  one  location  consoli¬ 
date  their  voice  traffic  onto  a 
one  symmetric  DSL  connection 
to  reduce  costs  vs.  traditional 
telephone  services. 

The  offering  works  by  moving 
analog  or  native  IP  voice  traffic 
through  an  integrated  access 
device,  over  an  MCI  DSL  connec¬ 
tion  to  the  Internet,  where  it’s 
passed  to  the  public  switched 
telephone  network.  The  service 
includes  unlimited  local  and 
long-distance  voice  service. 

Local  exchange  carriers  have 
pioneered  VolP-over-DSL  ser¬ 
vices,  but  MCI  is  out  in  front  of 
interexchange  carriers  such  as 
AT&T  and  Sprint.  Sprint  says  it  is 
trialing  such  a  service  in  Las 
Vegas. 

MCI’s  offering  supports  up  to  15 
simultaneous  calls,  though  of¬ 


fices  of  40  to  60  people  can  sign 
up  for  it  on  an  oversubscribed 
basis,  figuring  not  everyone  is 
on  the  phone  at  once.  On  a 
monthly  basis,  MCI  charges  a 
flat  fee  based  on  line  speed, 
plus  $40  per  simultaneous  call 
(see  graphic). 

The  service  could  cost  up  to 
$850  per  month  for  a  768K 
bit/sec  DSL.  Using  MCI  Advan¬ 
tage  over  a  dedicated  T-l  for  the 
same  office  would  cost  about 
$1,500  per  month. 

Some  users  might  be  willing  to 
pay  extra  for  a  T-l  because  mean- 
time-to-repair  guarantees  from 
carriers  are  typically  stronger 
withT-ls  than  with  DSL, says  Brian 


Washburn,  an  analyst  at  Current 
Analysis.  Users  can  expect  a  T-l  to 
be  repaired  within  four  hours  of 
an  outage, with  DSL  meantime-to- 
repair  usually  within  24  hours. 
“Users  need  to  be  aware  that  they 
may  be  sacrificing  cost  for  a 
slower  meantime-to-repair  guar¬ 
antee,”  he  says. 

The  service  is  available  in  the  31 
metropolitan  markets  where  MCI 
offers  its  own  DSL  service.The  car¬ 
rier  says  it  will  expand  VoIP  over 
DSL  with  Covad  Communications 
in  the  third  quarter.  Covad’s  DSL 
network  reaches  235  metropoli¬ 
tan  markets  across  the  U.S. 

(For  an  update  on  MCI’s  finan¬ 
cial  status,  see  page  37.)  ■ 


MG!  Advantage  over  DSL 

MCI  is  making  its  VolP-over-DSL  service  available  in  31 
markets.  Here  are  some  service  details: 

Speed  choices  384K  bit/sec,  768K  bit/sec 

Monthly  price  $200  or  $250  flat  fee,  plus  $40  per  simultaneous  user 

Capacity  Up  to  15  simultaneous  users 

Gear  included  Siemens  SpeedStream  Business  Class  DSL  Router 


Start-up  aims  to  shut  down 
denial-of-service  hits 


■  BY  TIM  GREENE 

Start-up  IntruGuard  Devices  will  use  the 
NetWorld+Interop  show  this  week  to  launch  rate- 
based  equipment  designed  to  protect  servers  from 
denial-of-service  attacks. 

The  company’s  first  two  appliances, the  IG200  and 
lG2000,sit  between  servers  and  the  Internet, cutting 
off  server-bound  traffic  that  exceeds  customer-set 
thresholds.These  spikes  are  an  early  warning  that  a 
DoS  attack  is  underway  that  could  overwhelm  the 
servers. 

What  could  set  IntruGuard  apart  from  other  ven¬ 
dors  selling  this  type  of  equipment  is  that  it  has 
developed  chips  to  handle  traffic  sorting  and  it  has 
the  benefit  of  seeing  what  other  vendors  have  tried, 
says  Rodney  Thayer,  a  network  security  consultant 
with  Canola-Jones  and  a  member  of  Network 
World’s  Lab  Alliance  test  program.  Competitors 
include  Captus  Networks,  DeepNines  Technologies, 
Top  Layer  Networks  and  Vsecure  Technologies. 

Products  from  these  compa¬ 
nies  use  policies  to  limit  traffic 
that  can  reach  servers,  and  each 
has  its  own  set  of  tools  for  defin¬ 
ing  traffic  to  be  controlled  and 
what  to  do  when  limits  are  ex¬ 
ceeded.  The  products  also  differ 


in  whether  they  include  other  security  such  as 
firewalls. 

Thayer,  who  tested  these  other  systems  for 
Network  World  (see  www.nwfusion.com,  Doc- 
Finder:  1955),  says  his  subsequent  test  of  the  Intru¬ 
Guard  gear  showed  it  should  deliver  the  best  per¬ 
formance  for  server  farms  with  eight  to  20  servers. 

Beta  tester  Fiber  Internet  Center,  a  hosting 
provider  in  Palo  Alto, says  the  appliance  can  cut  off 
DoS  attacks  nearly  30  seconds  faster  than  an 
Extreme  Networks  Black  Diamond  switch  that  the 
company  has  configured  to  limit  traffic  rates  to 
stop  DoS  attacks.  According  to  the  center’s  founder, 
Bob  Evans,  the  appliance  protects  a  server  for  a  site 
that  sells  conservative  political  books  that  gets 
attacked  six  to  eight  times  per  day.  While  it  doesn’t 
sound  like  much,  enough  session  requests  can 
come  in  30  seconds  to  slow  down  the  server  or 
even  crash  it,  he  says. 

The  IG200  and  2000  can  set  up  to  eight  different 
rate  policies  based  on  Layer  2, 3  and  4  parameters 
for  different  sets  of  servers  that  a 
single  box  could  protect. 

Scheduled  to  be  available 
in  July,  the  Fast  Ethernet  IG200 
will  cost  $12, 000, and  the  Gigabit 
Ethernet  IG2000  will  cost 
$25,000.  ■ 
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Fast  times  for 
servers  and  apps 

■  BY  PHIL  HOCHMUTH 

Sluggish  application  servers  and  bottlenecked  data  center  links  are 
the  targets  of  several  new  products  scheduled  to  be  announced  this 
week  at  NetWorld+Interop. 

On  tap  are  data  center  switches  that  could  help  corporate  users 
make  their  applications  run  faster  by  offloading  application  and  net¬ 
work  processes  from  servers  to  appliances,  vendors  say.  Also  being 
announced  is  server  adapter  hardware  aimed  at  putting  fatter  net¬ 
work  pipes  into  servers. 

Vendors  scheduled  to  launch  gear  at  the  show  include: 

•  NetScaler,  which  is  introducing  Version  2.0  of  its  9300-series  appli¬ 
cation  acceleration  appliance.The  NetScaler  box,  based  on  Intel  Xeon 
processors  and  a  Gigabit  Ethernet  backplane,  is  used  in  corporate  and 
service  provider  networks  as  a  server  load  balancer  and  Layer  7  appli¬ 
cation  switch,  and  for  HTTP  Web  traffic  compression.The  box  also  can 
act  as  a  Secure  Sockets  Layer  (SSL)  VPN  termination  device. 

The  new  software  compresses  TCP-based  application  data,  letting 
client-server-based  programs,  such  as  ERP  or  database  applications, 
run  faster  by  taking  up  less  WAN  or  LAN  bandwidth.  Another  new  fea¬ 
ture  lets  the  NetScaler  box  cache  static  and  dynamic  application  and 
database  data  from  servers,  and  deliver  the  data  to  client  machines. 
The  vendor  says  this  feature  will  help  free  server  processing  power 
and  make  enterprise  applications  run  faster. 

Another  feature  on  the  NetScaler  box  is  upgraded  support  for  SSL 
VPN  traffic.  The  new  software  lets  a  NetScaler  9300  support  up  to 
5,000  SSL  VPN  connections  simultaneously  (twice  as  many  as  were 
supported  on  the  previous  9300  version). 

•  Coyote  Point  Systems,  which  also  will  have  a  new  application 
acceleration  device  at  the  show.  Like  NetScaler,  Coyote  Pbint’s 
Equalizer  Extreme  is  based  on  an  Intel  server  architecture. The  com¬ 
pany  is  teaming  with  Dell  to  offer  its  load-balancing, SSL  acceleration 
device  on  a  PowerEdge  1750  server. 

Coyote  Point’s  product  would  sit  at  the  edge  of  a  data  center  and  bal¬ 
ance  traffic  among  Web  and  application  servers.The  device  can  offload 
SSL  encryption  from  servers.This  could  let  Web  servers  that  process  sen¬ 
sitive  data  —  such  as  credit  card  purchases  —  run  faster  and  handle 
more  connections.The  Coyote  Point/Dell  product  costs  $10,000. 

Gear  from  NetScaler  and  Coyote  Point  competes  with  products 
from  Cisco,  Crescendo,  F5  Networks,  Foundry  Networks,  Nortel,  Rad- 
ware,  Redline  Networks  and  Top  Layer  Networks. 

•  Intel,  which  will  show  a  new  server  multi-mode  fiber  network 
interface  card.  It  is  the  second  10G  Ethernet  adapter  from  the  vendor, 
following  the  introduction  of  its  single-mode  fiber  10G  NIC  last  year. 
The  new  device  is  based  on  the  same  PCI-X  interconnect  standard  as 
Intel’s  previous  10GNIC,but  is  smaller. The  NIC  supports  the  lOGBase- 
SX  standard  for  10G  over  multi-mode  fiber, with  a  range  of  up  to  1,000 
feet. The  NIC  is  available  for  about  $5,000. 

•  Also  on  the  NIC  front,  Broadcom  will  introduce  chips  for  server 
adapters  that  will  let  NIC  vendors  combine  server  and  storage  network¬ 
ing  functions.The  NIC  silicon  combines  Gigabit  Ethernet  with  ISCSI  stor¬ 
age  protocol  support, as  well  as  TCP  offloading  and  remote  direct  mem¬ 
ory  access  (RDMA)  technology 

The  RDMA  and  TCP  offload  fea¬ 
tures  in  the  silicon  are  aimed  at 
making  servers  run  applications 
faster.  TCP  offload  lets  a  server 
devote  more  CPU  power  to  applica¬ 
tion  processing,  with  network  pro¬ 
cessing  offloaded  to  NIC  hardware. 

RDMA  lets  the  server  inject  network 
traffic  data  into  server  memory,  by¬ 
passing  the  CPU  and  I/O  channels, 
which  can  cause  latency  in  high- 
end  applications.  Broadcom  says  Cant  attend  N+ 1,  read  daily  updates  from 
the  NICs  will  be  available  from  ven-  the  show  floor, 

dors  later  this  year  for  about  $200.  ■  DocFinder  1969 
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Wireless  security,  voice 
wares  to  rollout  at  N+l 


■  BY  JOHN  COX 

Vendors  this  week  will  showcase  a  bat¬ 
tery  of  products  designed  to  advance 
wireless  networks. 

The  offerings,  being  shown  at  Net- 
World+Interop  in  Las  Vegas,  address  such 
areas  as  Bluetooth  security  and  voice 
traffic  quality. 

AirDefense  will  unveil  BlueWatch,  soft¬ 
ware  that  works  with  a  Bluetooth  radio 
adapter  card  in  a  laptop  to  scan  for  Blue 
tooth  signals.  It’s  one  of  the  few  on  the  mar¬ 
ket;  Red-M  also  offers  a  scanning  product. 

Bluetooth  is  a  generally 
short-range  radio,  typically 
30  to  100  feet  —  although 
Class  1  devices  can  reach 
about  350  feet.  Bluetooth 
is  being  embedded  or 
plugged  into  handhelds,  laptops,  cell 
phones  and  headsets,  but  also  is  bringing 
new  risks. 

“Our  chief  security  officer  has  done 
demonstrations  of  how  to  use  your 
Bluetooth  cell  phone  to  connect  to  another 
Bluetooth  cell  phone,  and  use  that  other 
phone  to  make  a  call,”  says  Jay  Chaudhry 
executive  chairman  of  AirDefense. 

BlueWatch  runs  on  any  Windows  XP  or 
2000  laptop.  It  scans  for  Bluetooth  signals 
via  a  Bluetooth  USB  adapter.  Currently, you 
have  to  carry  the  laptop  around  to  scan. 
Later  this  year,  as  with  its  802.11  wireless 
LAN  (WLAN)  scanning  products,  Air¬ 
Defense  will  add  code  so  that  its  compact 
radio  sensors,  distributed  through  a  build¬ 
ing,  will  be  able  to  pick  up  Bluetooth  sig¬ 
nals  and  pass  information  back  to  a 
server.  A  tabbed  graphical  displays  lays 
out  information  about  the  devices, signals 
and  other  features. 

Joseph  Dell,  CTO  for  Vigilar,  an  Atlanta 
information  security  firm,  uses  BlueWatch 
to  monitor  cellular  phones, some  printers 
and  sometimes  ad  hoc  Bluetooth  net¬ 
works  in  the  company’s  offices  and  else¬ 
where  in  the  building.“People  try,  often  by 
accident,  to  connect  to  our  Bluetooth  net¬ 
work,”  he  says.“We  keep  an  eye  on  it  [with 


More  online! 


In  this  Webcast,  Craig  Mathias,  principal  at  Farpoint 
Group,  leads  you  through  the  pros  and  cons  of  wire¬ 
less  networking.  Mathias  keynoted  Network  World's 
Wireless  LANs  Technology  Tour  and  shares  highlights 
from  his  presentation. 
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BlueWatch]  and  can  mitigate  the  risks.” 

BlueWatch  will  be  released  this  month 
and  will  retail  for  $295. 

Also  at  the  show.  Ai respace  will  introduce 
three  products,  including  the  first  access 
point  to  use  multiple  input  multiple  output 
(MIMO)  smart  antenna  technology. 

MIMO  uses  two  or  more  antennas  and 
clever  algorithms  to,  in  effect,  send  data 
over  multiple  signal  paths  at  the  same 
time.  The  result  is  in  increased  capacity 
and  range  compared  to  conventional 
WLAN  antennas. 

The  Airespace  Intelligent  RF  Access  Fbint 
is  intended  for  sites  that 
have  lots  of  radio  fre¬ 
quency  interference  or 
where  high  performance 
or  long  range  is  critical, 
says  Jeff  Aaron,  senior 
manager  of  marketing. 

He  says  MIMO  antennas  create  a  more 
symmetrical  radio  environment,  provid¬ 
ing  a  more  consistent  and  reliable  signal 
than  conventional  access  points. 

Users  should  see  two  to  three  times  the 
throughput  (up  to  the  maximum  54M 
bit/sec)  and  range  of  Airespace’s  existing 
1200  access  point,  according  to  Aaron. 

The  MIMO  device  is  scheduled  to  ship  in 
the  third  quarter.  Price  has  not  been  set. 

Also  new  from  Airespace  is  Airespace 
Wireless  Location  Services  (AWLS), which 
features  the  company’s  existing  RF  Finger¬ 
printing  software  on  a  dedicated  PC 
server. The  software  can  calculate  a  user’s 
location  to  within  about  15  feet,  in  90%  of 
the  cases,  Aaron  says. 

New  APIs  let  outside  applications,  such 
as  ERR  scheduling  or  emergency  911 
applications,  access  AWLS  data.The  appli¬ 
ance  will  be  available  in  the  third  quarter, 
and  pricing  has  not  been  finalized. 

AWLS  also  will  be  able  to  track  a  new 
802.11  active  radio  frequency  identifica¬ 
tion  tag,  based  on  Bluesoft’s  AeroScout 
tag.  About  the  size  of  a  small  matchbox, 
the  tag  can  be  attached  to  portable  radi¬ 
ology  equipment, airport  luggage  contain¬ 
ers  or  mobile  manufacturing  gear.  Unlike 
typical  passive  tags,  the  AeroScout  tech¬ 
nology  sends  out  a  continuous  802.1  lb/g 
signal,  which  AWLS  can  pick  up  and 
process.Tags  will  cost  $95. 

Another  vendor,  Colubris  Networks,  says 
it  is  upgrading  its  CN1250  access  points  to 
better  support  voice. 

Colubris  will  become  the  latest  vendor 
to  include  the  Spectralink  Voice  Priority 
protocol  in  its  WLAN  gear. The  protocol  is 
a  widely  used  quality-of-service  (QoS) 
technology  for  VoIP  calls. 

Each  Colubris  access  point  can  run  up 
to  16  separate  media  access  control 
addresses,  known  as  Basic  Service  Set 
Identifiers.  With  Spectralink  Voice  Priority 
See  Wireless,  page  14 
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BrightStor®  ARCserve® 
Backup  Release  11 

Easier  than  ever. 


BrightStor  ARCserve 
Backup  Release  11 
features  the  very  latest 
in  storage  innovations. 
As  a  result,  it's  easier 
and  faster  than  ever, 
enhancing  both  efficiency  and  productivity. 
So  you  can  be  confident  your  files  are 
properly  backed  up  and  will  easily  be 
restored  should  a  disaster  occur.  For  more 
information,  go  to  ca.com/storage/arcserve. 
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FreeTrial  of  BrightStor 
ARCserve  Backup  Release  11. 
Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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Cisco 
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of  its  Wireless  LAN  Solution 
Engine  (WLSE),  plus  a  new 
indoor-outdoor  Aironet  access 
point/bridge.  To  complete  the 
package,  users  also  need  the 
Supervisor  Engine  720. 

Assuming  an  existing  6500,  the 
total  price  for  the  package,  with 
additional  software  licensing, 
would  be  about  $62,500. 

Individual  prices  are  $18,000 
for  the  new  Catalyst  blade, 
licensed  for  up  to  150  Aironet 
access  points  (users  can  expand 
that  to  300  access  points  with  the 


support  the  Multipoint  General 
Routing  Encapsulated  (GRE) 
protocol.  The  access  points  use 
GRE  to  tunnel  back  across  the  IP 
network  to  the  6500. 

The  switch  takes  care  of  pro¬ 
cessing  all  the  data  traffic  gener¬ 
ated  by  the  WLAN.  The  new 
blade  takes  care  of  the  unique 
features  of  wirelessly  connected 
clients:  tracking  users,  Layer  3 
fast  roaming  over  subnets  and 
maintaining  IP  addresses. 

One  Cisco  WLAN  user  eager  to 
pilot  the  new  product  is  John 
Halamka,  CIO  of  CareGroup 
Health  System,  a  Boston  health¬ 
care  consortium.  “Layer  3  roam¬ 


6  *  [Cisco  has]  this  ‘white  elephant’  in  the 
back  of  the  network,  and  they  give  you 
GRE  services  at  the  core.  That's  not  a 
WLAN  switching  architecture." 

Gary  Singh 

Senior  director  of  marketing,  Symbol  Technologies 


Advanced  Feature  Set  for  Cisco’s 
IOS  for  $8,000  if  they  don’t 
already  have  AFS);  $8,495  for  the 
WLSE  server  Version  2.7;  and 
$28,000  for  the  Supervisor 
Engine  720. 

Relative  simplicity 

For  existing  Cisco  customers, 
the  relative  simplicity  of  deploy¬ 
ing  large-scale  WLANs  might  be 
a  key  attraction.  The  new  blade 
can  be  slotted  into  the  6500,  with 
the  Supervisor  Engine  720.  Users 
then  can  and  download  a  soft¬ 
ware  update  to  the  Cisco  Aironet 
access  points,  enabling  them  to 


ing  is  desirable,  as  we  do  not 
want  to  extend  Layer  2  broadcast 
domains  beyond  our  distribu¬ 
tion  layer  [in  the  network],”  he 
says.  Layer  2  wireless  bridging 
caused  a  network  outage  in 
2002.  “We  are  very  enthusiastic 
about  Cisco’s  new  product,”  he 
says. 

“As  long  as  the  functions  and 
services  they  introduce  to  the 
switch  do  not  add  undesirable 
workload  to  the  switch’s  CPU 
and  backplane,  or  require  us  to 
introduce  a  Catalyst  operating 
system  version  that  is  not 
mature,  we  should  be  OK,” 


Halamka  says. 

“You  enable  [the  WLAN]  using 
a  large  number  of  services 
already  available  on  the  Catalyst 
6500,”  says  Abner  Germanow,  pro¬ 
gram  manager  for  enterprise  net¬ 
works  at  IDC.  “For  the  unique 
WLAN  services,  you  have  the 
improved  WLSE,  where  they  now 
have  enough  in  there  to  address 
the  security  concerns  around 
access  points  and  do 
more  radio  frequency 
management.  Combine 
this  with  the  roaming  and 
other  functions  in  the 
new  6500  module  and  it’s 
a  pretty  strong  solution.” 

Rivals  disagree,  arguing  that 
Cisco’s  package  is  a  pricey 
kludge. 

“They’ve  got  this  ‘white  ele¬ 
phant’  in  the  back  of  the  net¬ 
work,  and  they  give  you  GRE  ser¬ 
vices  at  the  core.  That’s  not  a 
WLAN  switching  architecture,” 
says  Gary  Singh,  senior  director 
of  marketing  at  Symbol  Technol¬ 
ogies,  which  previously  offered 
traditional  WLAN  access  points, 
but  now  is  betting  the  farm  on  its 
WS  5000  wireless  switch.  (Read 
more  on  this  topic  with  our  Face- 
off,  page  55.) 

Singh  says  that  Cisco’s  WLAN 
scheme  is  simply  a  very  expen¬ 
sive  way  to  manage  the  Aironet 
access  points,  which  run  a  spe¬ 
cial  version  of  Cisco’s  IOS  soft¬ 
ware.  “They’ve  picked  an  archi¬ 
tecture  that’s  very  heavy,  and 
expensive,  for  most  deploy¬ 
ments,”  he  says. 

A  “heavyweight”  solution  does¬ 
n’t  bother  some  users.“I  do  agree 
that  having  IOS  on  the  [Aironet] 
access  points  is  like  adding  hun¬ 
dreds  of  routers  to  our  network,” 


Wireless 

continued  from  page  13 

each  access  point  can  have  one  traffic  queue  for 
data  and  one  for  voice,  with  one  or  more  addresses 
set  aside  for  prioritized  voice  traffic. 

The  access  points  also  will  include  code  for  the 
Wireless  Multimedia  Extensions,  a  subset  of  the 
QoS  features  that  are  nearing  final  approval  as  the 
802.1  le  standard. 

These  upgrades  to  the  Colubris  gear  are  sched¬ 
uled  for  availability  in  July. 

WLAN  mesh  vendor  Firetide  will  use  N+I  to  unveil 
its  HotPbint  1000R,a  ruggedized  version  of  its  wire¬ 
less  access  point  for  outdoor  use.  The  company’s 
existing  1000S  is  an  indoor  access  point.  Both  use  a 


H  Read  about  more  wireless  products  that 
are  expected  to  be  on  tap  at  NetWorld+ 
Interop.  PAGE  24. 


802.1  lb/g  radio  and  a  set  of  algorithms  to  create  a 
mesh  network  topology,  similar  to  that  of  the 
Internet.  Traffic  is  routed  over  this  wireless  mesh 
instead  of  cables. 

The  product,  which  has  a  range  of  about  2  miles 
and  includes  two  Ethernet  ports,  will  be  generally 
available  in  June  for  about  $2,000. 

Also  at  the  show,  Senforce  Technologies  will 
release  Enterprise  Mobility  Security  Manager  2.5, 
client/server  software  for  administering  network 
access  on  mobile  devices. 

The  new  version  includes  code  that  lets  adminis¬ 
trators  control  whether  and  how  data  can  be  stored 
on  a  mobile  laptop  or  PDA,  or  on  any  attached 
peripheral  device.  Policies  can  be  set  that  only  let 
an  end  user  store  data  on  the  built-in  hard  drive,  not 
a  USB-attached  mini-drive  or  CD. 

Senforce’s  client  runs  as  a  Network  Driver  Interface 
Specification  driver  at  Layer  2,  where  it  can  do  fast, 
stateful  inspection  of  packets.  Policies  set  on  a  serv¬ 
er,  such  as  shutting  off  a  WLAN  card  if  security  trou¬ 
ble  is  detected, are  enforced  on  the  client. 

Version  2.5  costs  $89  per  user,  with  a  yearly  mainte¬ 
nance  charge  that  is  20%  of  the  total  per-seat  fee.  ■ 


All  together  now 

Cisco’s  Wireless  LAN 
Services  Module  is 
designed  to  help 
companies  marry 
wireless  and  wireline 
networks  by  bringing 
WLAN  features  to  the 
Catalyst  6500  switch. 


1  Enables 
Cisco  Aironet 
access  points  to  tunnel 
to  the  6500  without  chang¬ 
ing  the  wired  network. 

•  Layer  3  roaming  between 
subnet. 

•  Segmenting  of  end  users 
into  groups  without  using 
virtual  LANs. 

•  Extension  of  Catalyst  6500- 
based  services,  such  as 
access  control  lists  and 
quality  of  service,  to 
WLAN  users. 

v _ _ _ y 

says  Todd  Diersheide.a  senior  net¬ 
work  engineer  at  Sovereign  Bank 
in  Wyomissing,  Pa.  “We  already 
manage  hundreds  of  routers  on 
our  network,  and  I  consider  that 
something  we  do  very  well.” 

As  for  Symbol’s  contention  that 
Cisco’s  offering  is  expensive, 
Cisco  officials  disagree. 

“If  you  look  at  any  medium-size 
business  or  a  10-story  building, 
and  all  of  a  sudden,  they’ll  easily 
have  150  to  200  access  points,” 
counters  Douglas  Gouray,  prod¬ 
uct  line  manager  for  Cisco’s 
Internet  systems  business  unit. “If 
you  take  an  [entirely  new] 
deployment,  with  the  Supervisor 
Engine  and  the  new  6500  mod¬ 
ule,  and  divide  that  by  the 
[maxim]  number  of  access 
points  supported  [300] ,  it’s  a  very 
cost-effective  number,”  he  says. 

Feel  the  power 

Throughput, or  how  much  wire¬ 
less  traffic  each  switch  can  han¬ 
dle  is  another  consideration,  and 
Cisco  touts  the  power  of  the 
6500’s  hardware. 

“Look  at  our  throughput  num¬ 
bers,  compared  to  a  single 
Gigabit  Ethernet  port  [on  some 
rival  WLAN  switches].  If  you  do 
the  math, some  of  these  switches 
can  only  support  about  13 
access  points. You’d  need  16  dif¬ 
ferent  switches  to  support  300,” 
Gouray  says.  By  contrast,  he  says, 
the  6500  with  just  one  forward¬ 


ing  engine,  terminating  the 
WLAN’s  fast  secure  roaming  tun¬ 
nels  in  hardware,  can  handle  10 
million  packets  per  second  for 
WLAN  users.  Cisco  says  one  of 
the  new  blades  can  support 
6,000  users  on  300  access 
points. 

Those  are  important  numbers 
for  big  customers,  for  whom  last 
week’s  news  is  a  “superb  an¬ 
nouncement,”  says  Gary 
Berzack,  CEO  for  Tribeca 
N®  Express,  a  Manhattan  net¬ 
work  integrator  that  has 
worked  with  Aironet 
WLANs  for  nearly  10  years. 
“We  have  existing  [network] 
infrastructures  where  we  can  just 
throw  this  in.  [Through  Cisco] 
we  can  have  a  national  procure¬ 
ment  capability  I  can  get  round- 
the-clock  support  and  decent 
support  [response]  times.  It’s  a 
known,  well-designed  enterprise- 
class  product.” 

But  there  are  weak  points,  he 
acknowledges.  “Companies  like 
AirMagnet  have  thoroughbred 
[WLAN  scanning]  sensors  de¬ 
signed  for  the  enterprise  space,” 
he  says.  “Don’t  rely  on  [the  6500 
blade  and  the  new  version  of 
WLSE]  for  all  your  intrusion- 
detection  system  and  radio-fre¬ 
quency  monitoring.  There  are 
other  things  out  there  that  are  far 
more  mature.” 

Berzack  acknowledges  that  the 
prices  are  hefty  “It’s  not  for  the 
faint  of  heart,”  he  says.“It’s  aimed 
at  quite  large  deployments.” 

But  some  in  the  hungry  pack  of 
vastly  smaller  rivals,  all  of  whom 
offer  dedicated  WLAN  switches 
and  simplified  access  points, 
might  be  repositioning  them¬ 
selves,  ceding  the  biggest  corpo¬ 
rations  to  Cisco  and  intensifying 
their  battle  for  the  small  to 
midrange  market. 

“You  may  see  competitors  start 
to  focus  on  the  smaller  enterpris¬ 
es,  where  the  Cisco  solution  is 
too  complex  and  expensive,” 
IDC’s  Germanow  says.  ■ 


More  online! 

Demomobile  2004:  The  launchpad  for  a 
wireless  world  to  be  held  Sept.  8-10  in  La 
Jolla,  Calif.  Be  the  first  to  see,  touch  and 
explore  the  best  of  what's  next  in  wireless. 
Register  today! 
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AT&T  launches  network- 
based  IP  VPN  over  MPLS 


■  BY  DENISE  PAPPALARDO 

AT&T  is  offering  users  another  flavor  of 
VPN  that  the  carrier  says  is  more  economi¬ 
cal  than  traditional  frame  relay  networks 
and  typically  more  economical  than  cus¬ 
tomer  premises  equipment-based  IP  VPNs. 

AT&Ts  Network  Based  IP  VPN  service 
runs  over  the  Multi-protocol  Label  Switch¬ 
ing  (MPLS)  public  IP  network,  which  lets 
users  set  up  a  fully  meshed  IP  VPN. This  is 
in  addition  to  AT&T’s  current  network- 
based  VPN  service,  IP  Enabled  Frame 
Relay 

AT&T  is  not  the  first  carrier  to  offer  a  net¬ 
work-based  IP  VPN  service,  but  it  says  most 
competitors,  such  as  Sprint  and  MCI,  are 
doing  so  over  private  IP  networks.  AT&T  is 
using  MPLS  to  keep  its  customers’VPN  traf- 


Sasser 

continued  from  page  11 

The  organization  has  deployed  Sana 
Security’s  Primary  response  software  on  its 
patched  and  unpatched  servers,  and  con¬ 
figured  it  in  advance  to  minimize  potential 
Sasser  worm  exploits. 

Other  firms  say  worm-blocking  barriers  at 
the  Internet  gateway  stopped  Sasser’s  flood 
from  striking  them. 

Andre  Foster,  vice  president  of  IT  at 
Cable  Bahamas  in  Nassau,  says  he  set  up 
TippingPoint  Technologies’  UnityOne 
appliance  to  filter  out  Sasser  after  seeing 
Blaster  sap  the  service  provider’s  network 
capacity  last  year. 

Mark  Georgis,  network  administrator  at 
Long  Beach  Transit  in  California,  says  he 
used  Fortinet’s  FortiGate  appliance  to 
block  Sasser  coming  in  from  the  Internet 
and  monitored  for  any  worm  outbreaks  on 
the  inside  with  Network  Instruments’  Ob¬ 
server  tool.  But  luck  was  on  his  side,  too, as 
Georgis  acknowledges  all  the  organiza¬ 
tion’s  patching  wasn’t  up  to  date. 

“I  was  scared  to  death,’ ’he  says.The  Sasser 
scare  now  has  him  setting  up  his  LANDesk 
systems  management  tool  to  automate 
patch  updates  to  desktops  the  minute 
they’re  available.  ■ 


More  online! 


Fearful  that  you  are  overspending  and  overbuilding 
your  security  infrastructure?  Learn  the  best  way  to 
evaluate,  integrate  and  deploy  to  meet  your  true  secu¬ 
rity  needs  at  Network  World's  security  event. 
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fic  separate  and  secure  as  it  runs  over  the 
carrier’s  Internet  backbone. 

“Native  IP  provides  cost  advantages  to 
customers  because  they  can  opt  for  usage- 
based  billing  ...and  multiple  management 
options,”  says  Rose  Klimovich,  vice  presi¬ 
dent  and  general  manager  of  global  VPN 
services  at  AT&T.  Also,  because  the  service 
is  supported  on  the  carrier’s  “native  IP  infra¬ 
structure,”  IP  VPN  customers  are  using  the 
same  access  routers  as  dedicated  Internet 
access  customers.  This  presents  a  cost 
advantage  to  AT&T,  which  doesn’t  need  to 
manage  multiple  edge  devices  to  support 
multiple  services. 

In  contrast,  AT&T’s  IP  Enabled  Frame 
Relay  service  uses  different  edge  gear  to 
connect  users  coming  into  the  Internet 
network  via  dedicated  frame  relay  circuits. 

One  customer  is  seeing  the  cost  benefits. 
CS  Group,  which  provides  building  prod¬ 
ucts  for  architects,  moved  from  a  national 
frame  relay  network  to  the  AT&T  Network 
Based  IP  VPN  service  about  six  months  ago 
and  expects  to  save  $100,000  over  the  next 
two  years,  says  Michael  Dyson,  director  of 
IT  at  the  Lebanon,  N.J.,  company 

“The  main  reason  we  went  with  an  MPLS 
network  is  because  we  have  a  fully  meshed 
network  for  less  per  month,”  Dyson  says. 
“Every  site  has  a  dedicated  T-l.  Before  we 
had  all  of  these  [permanent  virtual  cir¬ 
cuits]  with  bandwidth  restraints  and  single 
points  of  failure.” 

CS  Group  also  moved  away  from  frame 
relay  because  it  wanted  to  deploy  ad¬ 
vanced  applications  such  as  VoIP  and  uni¬ 
fied  messaging.  Dyson  says  his  group  is  in 
the  midst  of  deploying  both. 

Currently  AT&T  is  only  offering  its 
Network  Based  IP  VPN  service  domestic¬ 
ally  The  carrier  says  it  will  roll  out  the  ser¬ 
vice  internationally  in  the  future,  but  would 
not  provide  a  time  frame. 

AT&T’s  offering  includes  a  standard  ser¬ 
vice-level  agreement.  The  carrier  guaran¬ 
tees  99.99%  service  availability,  that  latency 
will  not  exceed  60  millisec  and  that  packet 
loss  will  not  exceed  0.7%. 

The  service  starts  at  about  $700  per 
month  per  dedicated  T-l  site,  depending  on 
number  of  sites.  Users  can  have  AT&T  fully 
manage  their  network  or  choose  the  un¬ 
managed  version  of  the  service.  AT&T  also 
offers  burstable  T-l  services  where  fees  are 
based  on  average  usage  for  the  month.* 


Correction 


■  On  page  37  of  this  week's  issue, 

;  AT&T's  anticipated  capital  expenditures 
|  should  be  noted  as  S2.5  billion.  Because 
:/  of  our  printing  schedule,  the  change  could 
|  not  be  made  to  that  page  before  publish- 
ing  this  issue. 
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That  advanced. 

BrightStor®  ARCserve® 
Backup  Release  11 

More  advanced  than  ever. 

BrightStor  ARCserve 
Backup  Release  11  features 
the  latest  advancements 
in  storage  innovations. 
As  a  result,  it's  faster  and 
easier  than  ever,  enhancing 
both  efficiency  and  productivity.  So 
you  can  be  confident  your  files  are 
properly  backed  up  and  will  easily  be 
restored  should  a  disaster  occur.  For  more 
information,  go  to  ca.com/storage/arcserve. 


FREE 

TRIAL 


Free  Trial  of  BrightStor 
ARCserve  Backup  Release  11. 
Visit  ca.com/storage/arcserve 
or  call  1-866-558-2798. 
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Topspin  boosts  InfiniBand  switch 


From  the  top 


Topspin  is  adding  intelligence  to  its  InfiniBand 
switches  to  help  end  users  share  resources 
in  heterogeneous  environments. 

A  look  at  how  it  works: 


VFrame-enabled 
InfiniBand  switch 


or 
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console 
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Servers 


Storage 


O  VFrame  software  embedded  into  a  Topspin  InfiniBand  switch  lets  it  link  into  manage¬ 
ment  tools  such  as  IBM’s  Tivoli  Intelligent  ThinkDynamic  Orchestrator.  A  policy  in  the 
Tivoli  software  would  tell  the  VFrame-enabled  switch  that  when  traffic  reaches  a 
certain  point,  another  server  meeting  certain  CPU  and  memory  criteria  should  be 
brought  online. 

©  The  VFrame-enabled  switch  finds  that  resource  and  triggers  Topspin’s  remote  boot 
capabilities  to  boot  a  server  with  the  specified  application  and  operating  system  over 
the  InfiniBand  network. 

©The  switch  also  maps  the  newly  provisioned  server  to  the  appropriate  network  and 
storage  links  so  that  it  has  access  to  clients  and  storage. 


■  BY  JENNIFER  MEARS 

InfiniBand  vendor  Topspin 
Communications  is  rolling  out 
software  it  says  will  let  users 
combine  heterogeneous  servers 
and  storage  into  a  pool  of  re¬ 
sources  that  can  grow  and  shrink 
in  response  to  application 
demands. 

Currently,  Topspin’s  switches 
connect  servers  into  clusters 
using  InfiniBand, a  high-speed  I/O 
switching  fabric.  The  switches 
include  gateways  that  let  those 
servers  link  to  Ethernet  LANs  and 
SANs  via  Fibre  Channel  so  that 
servers  need  only  connect  to  the 
Topspin  switch,  rather  than  sup¬ 
porting  multiple  cables  for  net¬ 
work,  storage  and  server-to-server 
communication. 

With  the  new  software,  called 
VFrame,  an  InfiniBand  switch 
becomes  the  director  in  a  util¬ 
ity  computing  environment, 
says  Stu  Aaron,  vice  president 
of  marketing  and  product 
management. 

Today,  InfiniBand  is  used  pri¬ 
marily  in  high-performance 
computing  clusters,  although 
analysts  say  it  is  making  its  way 
into  corporate  data  centers  in 
niche  deployments  such  as  data¬ 
base  clusters. 


VFrame  lets  a  switch  respond 
to  policies  and  rules  in  a  variety 
of  management  tools  and  then 
provision  servers  —  and  the 
appropriate  storage  and  network 
connectivity  —  on  the  fly  and 
based  on  application  needs. The 
VFrame  software  suite  includes 
APIs  that  hook  into  management 
and  provisioning  tools  that  tell 
the  switch  what  policies  to  look 
for  and  enforce. 

In  addition  to  hooking  into 
management  tools  from  major 
systems  vendors  such  as  Dell,  HR 
IBM  and  Sun, Topspin  is  partner¬ 
ing  with  other  vendors  such  as 
VMware,  Platform  Computing, 
Oracle,  Opsware  and  Qlusters  to 
integrate  support  for  those  tech¬ 
nologies  into  its  InfiniBand 
switch. 

VFrame  is  a  next  step  for 
Topspin,  which  has  been  focus¬ 
ing  on  making  its  switches  a  part 
of  utility  computing  and  virtual 
server  environments,  analysts 
say.  The  software,  available  now 
at  a  starting  price  of  $10,000, 
comes  after  Topspin’s  March 
introduction  of  a  remote  boot 
service  that  lets  diskless  servers 
be  provisioned  with  applica¬ 
tions,  operating  system,  storage 
and  I/O  resources  on  the  fly  and 
over  a  network. 


Up  the  food  chain 

“VFrame  is  Topspin’s  next  piece 
of  the  puzzle  as  they  move  fur¬ 
ther  and  further  up  the  food 
chain  from  being  just  an 
InfiniBand  switch  company  to  a 


company  that’s  allowing  the 
managing  and  the  provisioning 
of  physical  resources,”  says 
Vernon  Turner,  group  vice  presi¬ 
dent  of  global  enterprise  server 
solutions  at  IDC. 

Turner  says  other  InfiniBand 
switch  makers,  such  as  InfiniCon 
Systems  and  Voltaire,  offer  man¬ 
agement  capabilities  but  don’t 
integrate  with  third-party  man¬ 
agement  and  provisioning  tools 
the  way  Topspin’s  VFrame  prom¬ 
ises  to.  The  key  for  Topspin,  he 
says,  is  to  continue  integrating 
rules,  such  as  security  policies, 
into  the  switch. 

Burlington  Coat  Factory,  based 
in  Burlington,  N.J.,  in  April  de¬ 
ployed  VFrame  on  a  Topspin  360 
Server  Switch  with  Ethernet  and 
Fibre  Channel  gateways  to  run 
an  Oracle  10G  database  on  disk¬ 
less  IBM  x345  servers  running 
Linux.  The  database  connects  to 
a  Hitachi-based  SAN. 

John  Decatur,  systems  special¬ 
ist  at  the  retailer,  says  he  expects 
the  database  performance  to 
nearly  double  and  expects  sav¬ 
ings  as  a  result  of  hardware  con¬ 
solidation  by  using  the  VFram 
e-enabled  switch. 

“We  also  see  a  great  savings  in 
provisioning.  Since  they  are  [not 
dedicated]  servers,  we  can  rede¬ 
ploy  them  in  a  flash  to  where  the 
workload  is  needed  instead  of 
using  dedicated  systems  that  are 
not  fully  utilized,”  he  says.H 


RSA  adds  federated  ID  mgmL 


■  BY  ELLEN  MESSMER 

RSA  Security  last  week  announced  Federated 
Identity  Manager,  Java-based  server  software  that 
can  be  used  to  exchange  recognized  “trust  identi¬ 
ties”  among  businesses  to  provide  authentication 
and  authorization  for  customers  and  employees. 

RSA  has  included  this  identity  management  fea¬ 
ture  as  an  add-on  to  its  Web  access  software, 
ClearTrust,  but  now  is  making  it  available  as  a  stand¬ 
alone  product, according  to  Howard  Tieg, senior  pro¬ 
ject  manager.  Federated  Identity  Manager  supports 
the  Organization  for  the  Advancement  of  Structured 
Information  Standards  Security  Assertions  Markup 
Language  (SAML)  1.0  and  1.1  specifications.  The 
software  also  can  use  RSA  SecurlD  tokens  for  strong 
authentication  in  lieu  of  simple  passwords. 

By  fall,  RSA  plans  to  extend  identity  management 
software  to  address  a  number  of  requirements,  such 
as  mandated  log-out  controls  or  identity  mappings 
of  differing  online  identities,  that  haven’t  been  part 
of  SAML  but  are  in  demand  from 
businesses. 

RSA  is  backing  the  work  that  the 
Liberty  Alliance  Project  and  Web 
Services  Federation  have  done  in 
these  areas.  “There’s  quite  a  lot  of 
fragmentation  here,”Tieg  says."But 


hopefully  we  can  have  convergence  between  them.” 

According  to  Burton  Group  analyst  Daniel  Blum, 
there  are  a  handful  of  other  vendors,  including 
Oblix,  which  have  products  that  compete  with 
Federated  Identity  Manager.  Netegrity  has  a  product 
called  AffiliateMinder,  he  adds, “but  it  only  commu¬ 
nicates  with  [Netegrity’s  Web  access  control  soft¬ 
ware]  SiteMinder  and  only  receives,  and  doesn’t 
send,  assertions.” 

Wolters  Kluwer,  a  global  legal  IS  firm  headquar¬ 
tered  in  Amsterdam,  uses  RSAs  ClearTrust  Web 
access  software  to  provide  customer  access,  and 
recently  began  deploying  Federated  Identity 
Manager. 

“We’re  going  to  use  it  internally  first  in  our  tax  and 
accounting  divisions,”  says  Mike  Antico,  CTO  for  the 
North  America  units.  “We’re  using  it  to  link  the 
dozens  of  legacy  systems  for  authentication  we 
have.  It’s  easier  to  do  this  than  custom  coding.” 

Antico  said  Federated  Identity  Management  offers 
single  sign-on  to  employees  and  customers  by 
exchanging  trust  identities  so  that 
it’s  not  necessary  to  use  multiple 
passwords  or  other  authentica¬ 
tion  to  gain  access  to  multiple 
services. 

Federated  Identity  Manager  is 
priced  starting  at  $25,000.  ■ 
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Start-ups  scramble  for  venture  dollars 


m  BY  CAROLYN  DUFFY  MARSAN 

The  number  of  venture  capital 
deals  involving  network  start-ups 
dropped  to  the  lowest  level  in 
seven  years  during  the  first  quar¬ 
ter.  However,  overall  investment 
in  these  companies  held  steady, 
as  venture  firms  concentrate 
their  dollars  on  the  start-ups  that 


$!im  pickings 

The  11  seed  investments 
in  network  companies  is 
the  fewest  recorded  in 
the  MoneyTree  Survey 
since  it  began  in  1995. 


Start-up/seed  investments 


Early  stage 
Expansion 
Later  stage 

Total  number  of  venture 
capital  investments  in 
network  companies 


seem  most  likely  to  succeed. 

These  are  the  findings  of  the 
quarterly  MoneyTree  survey 
which  is  put  together  by  Price- 
waterhouseCoopers,  the  National 
Venture  Capital  Association  and 
Thomson  Venture  Economics. 
Network  World  receives  a  subset 
of  the  MoneyTree  data  that  targets 
investments  in  network  hardware, 
software  and  services  start-ups. 

The  latest  MoneyTree  numbers 
identify  321  deals  involving  net¬ 
work  start-ups  that  closed  dur¬ 
ing  the  first  quarter. The  amount 


of  deal-making  is  down  14.6% 
from  the  previous  quarter.  The 
last  time  so  few  investments 
were  made  in  network  start-ups 
was  the  third  quarter  of  1996. 
While  the  number  of  deals  went 
down  last  quarter,  the  average 
size  of  the  deals  was  up  slightly. 
Deal  size  averaged  $6.74  million 
in  the  first  quarter,  compared 
with  $6.65  million  in  the  fourth 
quarter. 

The  sharpest  drop  was  in  first- 
round  financing.  Venture  firms 
invested  seed  money  in  11  net¬ 
work  start-ups  —  the  lowest 
number  since  the  MoneyTree 
Survey  began  in  1995.  Until  now, 
the  lowest  number  was  39,  in  the 
first  quarter  of  1995. 

“There’s  a  much  greater 
emphasis  on  commercialization 
than  there  is  on  innovation,” 
says  Kirk  Walden,  national  direc¬ 
tor  of  venture  capital  research  at 
PricewaterhouseCoopers. 
“Revenues,  customers  —  that’s 
what  VCs  are  interested  in,  as 
opposed  to  new  ideas.” 

The  start-ups  that  managed  to 
attract  first-round  financing  run 
the  gamut  from  Groundwork 
Open  Source  Solutions,  an  Oak¬ 
land,  Calif.,  network-monitoring 
software  provider  that  received 
the  first  $300,000  installment  of  a 
multimillion  dollar  commitment 
from  Canaan  Partners  to  Turn- 
Tide,  a  Conshohocken,  Pa.,  pro¬ 
vider  of  anti-spam  systems  that 
attracted  $1  million  from  Inno¬ 
vation  Philadelphia.  TurnTide 
was  named  one  of  Network 
World's  10  start-ups  to  watch  in 
2004  (see  www.nwfusion.com, 
DocFinder:  1970). 

The  largest  first-round  financ¬ 
ing  deal  was  an  $8  million 
investment  in  Electriphy,  which 


Venture  deals  drop  to  seven-year  low 

But  dollars  invested  in  network  start-ups  hold  steady. 


The  top  10 

Security  and  storage  technology  dominated  first-quarter  venture  deals. 


Company 

Funding 

Headquarters 

Primary  business 

CipherTrust 

$42M 

Alpharetta,  Ga. 

Enterprise  security  software  and  hardware. 

Vonage 

$39. 9M 

Edison,  N.J. 

VoIP  services. 

Fortinet 

$39M 

Sunnyvale,  Calif. 

Network  protection  systems. 

nLight  Photonics 

$32. 3M 

Vancouver,  Wash. 

Optical  fiber  infrastructure  products. 

3PAR 

$32M 

Fremont,  Calif. 

Enterprise  storage  systems. 

AdvanTech  Solutions 

$26.2M 

Tampa 

Human  capital  management  technology. 

OutlookSoft 

$25M 

Stamford,  Conn. 

Financial  analytic  software. 

Softek  Storage  Solutions 

$25M 

Sunnyvale,  Calif. 

Data  management  solutions. 

Starent  Networks 

$25M 

Tewksbury,  Mass. 

Datacom  equipment  for  wireless  networks. 

Speakeasy  Service 

$24M 

Seattle 

Independent  broadband  service. 

More  online! 

A  complete  list  of  first  quarter  funding  deals.  DocFinder:  1961  www.nwfiision.com 


sells  integrated  circuits  that 
provide  fiber-like  speeds  over 
copper  wires.  Jim  Apfel,  CEO  of 
Electriphy,  says  the  Santa  Clara 
start-up  attracted  seed  money 
from  Bay  Partners  and  Light- 
speed  Venture  Partners  be¬ 
cause  of  the  next-generation 
DSL  technology  that  Electriphy 
is  developing. 

“Venture  firms  look  at  the  man¬ 
agement  team,  the  technology 
and  the  market.  1  think  we  hit  on 
all  three,”  Apfel  says.  “We  have  a 
very  strong  team,  all  with  a 
modem  chip  background.  We 
have  technology  that  no  one  else 
has.  That’s  our  secret  sauce.  And 
the  market  for  [very  high-speed 
DSL]  is  one  of  the  fastest-grow¬ 
ing  markets  in  access.” 

Electriphy  formed  in  2002 
and  funded  itself  until  the 
recent  venture  capital  financ¬ 
ing.  It  is  demonstrating  integ¬ 
rated  circuit  designs  to  system 
vendors  and  their  service  pro¬ 
vider  customers. 

Apfel  admits  it’s  difficult  for  net¬ 


work  start-ups  to  attract  seed  and 
early-stage  funding  right  now.“It’s 
definitely  harder  to  raise  money, 
but  the  people  who  raise  money 
have  a  better  chance  of  success,” 
he  says. 

Overall,  the  amount  of  money 
invested  in  network  start-ups 
held  steady,  meaning  that  fewer 
companies  got  more  dollars. 
Altogether,  venture  firms  invest¬ 
ed  $2.16  billion  in  the  first  quar¬ 
ter,  a  number  comparable  to  the 
$2.1  billion  invested  in  the  first 
quarter  of  2003. 

One  factor  that’s  helping  prop 
up  venture  investments  in  net¬ 
work  start-ups  is  that  many  com¬ 
panies  are  getting  their  fourth  or 
later  rounds  of  financing.  Some 
of  these  companies  are  10  or 
more  years  old,  and  they  need 
continued  investment  until  the 
IPO  or  acquisition  markets 
become  more  active. 

“The  companies  that  have 
been  around  longer  need  more 
money  whether  it’s  an  expan¬ 
sion  round  or  a  later-stage 


round,”  Walden  says. 

Most  of  the  network  start-ups 
that  got  funding  were  software 
ventures. 

Software  companies  received 
$956  million,  or  44%,  of  the  total 
dollars.  Software  accounted  for 
more  than  double  the  next- 
closest  category,  which  was  net¬ 
working  and  equipment  start¬ 
ups.  They  received  $389  mil¬ 
lion,  or  18%,  of  the  total  dollars. 

Security  and  storage  compa¬ 
nies  dominated  this  quarter’s  top 
10  deals,  which  ranged  in  size 
from  $24  million  to  $42  million 
(see  graphic, above). 

The  MoneyTree  survey  trends 
ultimately  might  benefit  enter¬ 
prise  buyers  of  network  products 
and  services,  Walden  says. 

“It’s  not  all  bad  that  companies 
have  to  have  some  customers 
before  they  get  backing.  That’s 
going  to  make  it  harder  for  the 
enterprise  to  get  innovative  prod¬ 
ucts,  but  the  start-ups  that 
emerge  should  do  better  in  the 
long  run,”  he  says.B 


Dollars  invested  (in  billions) 
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Sitekeeper  doesn't  require  dedicated  servers  or  expensive  databases,  so  it  easily  fits  in 
your  budget.  Sitekeeper  runs  on  any  NT/2K/XP  machine  and  manages  clients  running  any 
version  of  Windows,  from  95  to  Server  2003.  Install  Sitekeeper  and  start  managing  right 
away.  Cut  out  complexity  and  increase  productivity  with  NEW  Sitekeeper  3.1 ! 


The  affordable  way  to  automate  your  systems  management 


No  steep  learning  curve.  No  special  training.  No  wonder  so  many  system  administrators 
are  raving  about  new  Sitekeeper  3.1!  Sitekeeper  is  the  affordable  way  to  track  down  and 
deploy  missing  patches,  deploy  software  and  updates,  track  license  compliance,  and 
perform  hardware  and  software  inventories — all  within  minutes  of  installation.  You'll  be 
amazed  at  the  time  you  save.  Imagine  never  having  to  perform  manual  machine-by¬ 
machine  updates  and  inventories  again! 
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HP  storage  package  targets  compliance  rules 


■  BY  DENI  CONNOR 

HP  last  week  introduced  a  hardware  and 
software  cluster  designed  to  help  compa¬ 


nies  play  by  new  government  rules  that 
mandate  how  unstructured  data  such  as 
electronic  messages  should  be  stored. 

The  StorageWorks  Reference  Information 


Storage  System  (RISS),  like  compliance 
storage  offerings  from  vendors  such  as 
Archivas,  EMC  and  Veritas  Software,  comes 
in  response  to  new  data-  and  document- 


At  DuPont,  we’ve  built  our  reputation  on  protecting  what’s  most  important. 
From  Kevlar®  bullet-resistant  materials,  to  Nomex®  fire-resistant  fabrics, 
DuPont  creates  the  materials  that  protect  what  matters  most. 

In  a  fire,  plenum  rated  data  communications  cables  can  be  one  of  the  largest 
sources  of  smoke,  causing  95%  of  IT  system  damage.  Limited  Combustible 
Cable  made  with  DuPont  "  Teflon®  provides  the  highest  level  of  fire  and  smoke 
protection  available.  Specify  Limited  Combustible  Cable  made  with  DuPont  “ 
Teflon®  because  “Up  to  Code”  isn’t  the  same  as  “Maximum  Protection.” 

To  find  out  more,  or  to  locate  Limited  Combustible  Cable  manufacturers, 
visitTeflon.com/CablingMaterials. 

DuPont1"  Teflon:  The  science  of  protection. 
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handling  regulations  such  as  Sarbanes- 
Oxley  and  the  Health  Insurance  Portability 
and  Accountability  Act. 

RISS  consists  of  a  cluster  of  20  ProLiant 
DL380  servers,  each  containing  420G  bytes 
of  storage  capacity  A  metadata  repository 
includes  unique  references  to  the  email 
and  text  documents  stored  on  the  servers. 
Each  node  in  the  cluster,  which  HP  refers  to 
as  a  “storage  smart  cell,”  is  mirrored  to 
another  cell  to  create  a  highly  available, 
fault-tolerant  configuration. 

“HP  does  something  pretty  slick  with  the 
storage  smart  cells  —  when  you  add  stor¬ 
age,  you  also  add  processing  power  and  an 
archival  engine,  so  it  can  scale  pretty  high,” 
says  Diane  McAdams,  a  senior  analyst  with 
Data  Mobility  Group.  “Searching  for  data 
can  really  bog  a  system  down, so  it’s  impor¬ 
tant  to  be  able  to  add  processing  power  as 
you  add  storage.” 

As  data  is  written  to  a  RISS  disk,  it  is 
assigned  a  unique  identifier,  which  HP  says 
makes  its  retrieval  easier. This  metadata  ref¬ 
erence  also  caries  a  time  stamp  and  digital 
signature  information. 

The  system,  which  is  designed  for  archiv¬ 
ing  and  retrieval,  came  about  through  HP’s 
acquisition  of  Persist  Technologies  last  year. 

Storing  fixed-content  information  to  com¬ 
ply  with  state  and  federal  regulations  is 
such  a  hot  market  that  The  Yankee  Group 
predicts  it  will  roughly  quadruple  from 
308,000  terabytes  last  year  to  nearly  1.25 
million  terabytes  in  2006.  Enterprise 
Storage  Group  says  fixed-content  or  refer¬ 
ence  information  will  represent  54%  of  all 
data  by  2005  and  will  grow  faster  than  tra¬ 
ditional  transaction-based  data. 

Mark  Deck,  vice  president  of  technology 
for  NMHC,  a  pharmacy  benefits  manage¬ 
ment  company  in  Port  Washington,  N.Y,  is 
weighing  his  options. 

“We  have  a  lot  of  data  we  need  to  keep 
[because  of  government  regulations]  — 
data  like  claims  data,  adjudication  data,”  he 
says.  “We  have  been  looking  for  software 
that  catalogs  data  and  gives  it  a  reference 
so  you  can  find  it  again.” 

Priced  at  about  10  cents  per  megabyte, 
HP’s  RISS  is  not  cheap,  although  HP  says  it 
is  less  expensive  than  storage  systems  not 
specifically  designed  to  handle  fixed  con¬ 
tent.  Archivas  comes  in  at  the  low  end  of 
the  price  scale  at  about  a  penny  per 
megabyte,  and  EMC’s  market-leading  Cen- 
tera  costs  about  2  cents  per  megabyte, 
although  this  does  not  take  into  account 
that  EMC  charges  extra  for  software.  HP 
charges  about  $425,000  for  a  4T-byte  con¬ 
figuration  and  includes  a  server  intercon¬ 
nection  switch  and  firewall.  ■ 


More  online! 

Want  to  know  how  compli¬ 
ance  laws  affect  you?  Read 
our  IT  Briefing  Webcast  on 
Sarbanes-Oxley  and  related 
issues.  Senior  Editor  Ann 
Bednarz  offers  insight  on  the 
topic.  DocFinder.  1127 
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■  LAN/WAN  SWITCHES  AND  ROUTERS 

■  ACCESS  DEVICES  ■  SERVERS  ■  VPNS 

■  OPERATING  SYSTEMS  ■  NETWORKED  STORAGE 

■  VOIP  ■  WIRELESS  NETWORKS 


Takes 


■  Red  Hat  last  week  unveiled  a  ver¬ 
sion  of  the  Linux  operating  system 
software  for  corporate  desktops.  The 
software,  called  Red  Hat  Desktop, 
will  be  a  companion  product  to  Red 
Hat’s  current  desktop  offering,  Red 
Hat  Enterprise  Linux  WS.  Red  Hat 
Desktop  will  be  targeted  at  corporate 
users  rather  than  the  engineering, 
software  developer  and  CAD  users 
who  used  Red  Hat's  WS.  Red  Hat 
Desktop  will  include  a  selection  of 
client  software,  including  Open  Office 
1.1,  the  Evolution  mail  client,  the 
Mozilla  Web  browser,  and  the  Citrix 
Independent  Computing  Architecture 
client.  A  10-unit  starter  pack,  including 
the  Red  Hat  Network  Proxy  Server 
software,  will  cost  $2,500.  A  50-unit 
Satellite  Server  Starter  Pack  will  cost 
$13,500,  with  support  for  each  addi¬ 
tional  50  desktops  costing  $3,500. 

■  Hitachi  Data  Systems  recently 
announced  a  high-end  storage  array 
and  enhancements  to  its  HiCommand 
management  software.  The  Hitachi 
Thunder  9585V  is  the  company’s 
largest  storage  array.  It  can  store  up 
to  64T  bytes  of  data  and  can  attach 
to  as  many  as  1,024  servers.  Hitachi 
also  introduced  HiCommand  Path 
Provisioning,  which  provides  end-to- 
end  provisioning  of  storage  resources, 
and  HiCommand  QoS  for  Sybase, 
which  ties  storage  resources  and 
availability  to  the  application.  HiCom¬ 
mand  Path  provisioning  costs  $6,000; 
HiCommand  QoS  for  Sybase  starts 
at  $5,000;  a  Thunder  9585V  with  seven 
146G-bye  drives  starts  at  $100,000. 

■  HP  next  month  plans  to  ship  a  mul¬ 
tiprocessor  daughtercard  that  will  let 
customers  double  the  number  of  Itan¬ 
ium  2  processors  supported  in  their 
Integrity  servers.  The  MX2  dual-pro¬ 
cessor  module  will  be  compatible  with 
Madison  Itanium  processor  sockets 
so  customers  can  slide  the  two-pro¬ 
cessor  module  into  slots  now  used  for 
one  processor,  HP  says.  The  MX2  will 
be  available  for  the  Integrity  rx4640, 
rx7620  and  rx8620  servers  starting  in 
June.  Pricing  will  start  at  $16,700, 
$56,000  and  $133,000,  respectively. 


Extreme  changes 


Extreme  Networks  has  changed  a 
lot  in  a  year.  Since  last  spring,  the 
vendor  has  launched  a  wireless 
product  line,  debuted  its  next-genera¬ 
tion  10G  bit/sec  switch  (the 
BlackDiamond  l  OK),  and  revamped 
its  core  switch  software  with  a  mod¬ 
ular,  Linux-based  software  operating 
system  —  ExtremeWare  XOS. 

Extreme’s  CEO  Gordon  Stitt  talked 
with  Network  World  Senior  Editor  Phil  Hochmuth 
recently  about  the  changes  in  the  company,  the  compe¬ 
tition  and  some  product  directions. 

Extreme's  focus  seems  to  be  shifting  from  a  core  switch  vendor 
to  a  more  end-to-end  approach.  Why  make  this  shift? 

Different  people  have  different  perceptions  of  how  much 
we’ve  changed.  I  think  it  comes  down  to  a  change  in  the 
market.  When  we  first  started  out,  performance  was  the  key 
thing.  When  you  look  back  into  the  late  1990s,  it  was  all 
about  getting  more  bandwidth.  But  when  things  slowed 
down  in  200 1,2002,  there  was  tons  of  bandwidth  installed. 


Now  it  comes  down  to  a  different  set  of  issues.  People  are 
more  concerned  about  security  than  they  are  about  band- 
width.The  whole  talk  about  convergence  is  a  big  deal 
because  it  fundamentally  can  transform.  We  have  taken  a 
more  systems  approach. . .  .This  is  very  different  from  the 
speeds  and  feeds  of  yesteryear.  Don’t  get  me  wrong,  perfor¬ 
mance  still  counts.You  can’t  go  out  there  and  say  we  run  at 
50  megabits  and  100  megabits.You  have  to  run  at  wire 
speed.  But  the  first  criteria  isn’t  performance,  it’s ‘How  do  I 
solve  this  problem?’ 

But  Cisco  has  a  big  head  start  being  an  end-to-end  vendor.  How 
do  you  catch  up? 

They  are  the  end-to-end  leader,  and  they  do  have  a  head 
start.  But  they  do  it  in  a  very  proprietary  environment.  It’s 
like  the  IBM  AS/400;  you  used  to  buy  your  ERP  applications 
and  computers  from  the  same  company. You  wouldn’t  even 
consider  doing  that  today 

Networking  is  just  in  an  earlier  stage,  like  that.  Cisco  is 
dominant  in  the  end-to-end  market.  But  10  years  from 
now,  that  will  be  an  anachronism.You’ll  choose  best  of 
breed  just  as  you  do  today  in  computers  and  applications 
and  communications  devices. 

See  Extreme,  page  26 


ISCSI  use  booms,  early  adopters  swoon 


■  BY  DENI  CONNOR 

NEW  YORK  —  IP  storage-area  networks 
got  a  boost  at  the  Storage  Decisions  show 
in  New  York  recently  as  ardent  users  said 
that  deploying  iSCSI 
was  love  at  first 
sight. 

Early  adopters 
made  it  clear  that 
they  weren’t  using  the  iSCSI  protocol  as  a 
replacement  for  more  expensive  Fibre 
Channel  SANs, but  were  primarily  adopting 
it  for  its  cost,  ease  of  installation  and  as  a 
platform  to  run  less  business-critical  appli¬ 
cations  such  as  Microsoft  Exchange  or  SQL 
Server.  Most  say  they  will  keep  their  data¬ 
base  and  transaction-intensive  applica¬ 
tions  on  Fibre  Channel  SANs. 

The  iSCSI  protocol  lets  block-level  stor¬ 
age  data  be  transported  across  the  IP  net¬ 
work.  It  sits  on  top  of  Ethernet  and  can  be 
facilitated  by  adding  adapters  to  servers 
with  their  own  direct-attached  storage  or 
by  connecting  servers  and  external  storage 
to  an  iSCSI  gateway  device  or  switch. 


To  implement  iSCSI,  users  can  purchase 
an  Ethernet  adapter  for  $140,  put  in  a  serv¬ 
er,  load  a  free  Microsoft  iSCSI  driver  on  it 
and  connect  the  server  through  a  Gigabit 
Ethernet  switch  to  an  iSCSI  concentrator, 
which  can  be 
bought  for  as  little 
as  $14,000.  By  con¬ 
trast,  a  typical  Fibre 
Channel  adapter 
Fibre  Channel  switch 


EARLY 

ADOPTERS 


costs  $1,300  and  a 
costs  $23,000. 

A  Merrill  Lynch/McKinsey  study  showed 
that  the  total  software/hardware  cost  of  an 
IP  SAN,  which  stored  2T  bytes  of  data,  is 
$77,000;  a  Fibre  Channel  SAN  of  the  same 
size  would  cost  more  than  $180,500. 
Based  on  the  same  study  the  total  cost  of 
ownership  of  an  iSCSI  network  is  $1 17,400 
compared  with  $231,380  for  a  Fibre 
Channel  SAN. 

Ken  Walters,  senior  director  for  enterprise 
platforms  at  the  Public  Broadcasting 
Service  in  Alexandria,Va.,is  no  neophyte  to 
storage.  He  already  has  a  Fibre  Channel 
SAN  consisting  of  an  IBM  Enterprise 


Storage  Server  (code-named  Shark)  con¬ 
nected  to  his  servers  via  a  Brocade 
Silkworm  switch.  It  stores  3T  bytes  of  data. 

When  he  considered  expanding  his  SAN 
to  link  a  bunch  of  servers  with  direct- 
attached  storage,  Walters,  who  runs  IT  on  a 
nonprofit  budget,  chose  iSCSI. 

“The  rest  of  my  machines  I  wanted  to 
consolidate  less  expensively’  he  says.  “1 
needed  a  cost-effective  way  to  get  SAN  stor¬ 
age  to  my  IBM  BladeCenter  servers.” 

Another  attraction  of  iSCSI  for  Walters 
was  its  simple  installation.  Because  the 
iSCSI  protocol  runs  on  top  of  Ethernet,  it 
behaves,  is  installed  and  is  managed  in  the 
same  fashion. 

“I  never  believe  a  vendor  when  they  say 
in  20  minutes  you  can  be  up  and  running," 
Walters  says/’In  this  case,  we  could.” 

Walters,  who  started  testing  iSCSI  in  2002, 
installed  StoneFly  Networks’  Storage  Con¬ 
centrator  i3000,  which  connects  to  his  IBM 
BladeCenter  servers  and  consolidates  their 
storage.  He  runs  less  business-critical  SQL 
Server,  Exchange  and  Web  applications  on 

See  ISCSI,  page  26 
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W  hile  every  enterprise  branch  office 
requires  LAN  and  WAN  features,  an 
inspection  of  the  communications 
closet  almost  always  reveals  that  separate 
boxes  are  implemented  for  each.Adtran  is 
trying  to  change  that. 

In  a  flurry  of  branch-office  productivity 
by  the  vendors,  Adtran  joined  the  ranks 
of  those  that  have  had  us  validate  their 
branch-office  offering  head-to-head 
against  Ciscos. The  company’s  NetVanta 
1224R  offers  a  full-fledged  router  and 
LAN  switch  in  a  1U  box.  It’s  unique,  but 
will  it  fly? 

Because  these  devices  “talk”  using 
Ethernet,  there  is  no  reason  that  they  have 
to  be  boxed  together  or  tightly  coupled  in 
any  way  On  the  other  hand,  there  is  noth¬ 
ing  that  stands  in  the  way  of  them  being 
integrated,  either.  There  are  the  obvious 
advantages  of  reduced  footprint,  integrat- 


Then  there  was 


ed  management  but,  if  it  is  such  a  great 
idea,  one  might  ask,  why  is  Adtran,  an 
admitted  “follower”  one  of  the  first  to  do  it 
for  the  enterprise? 

Well,  historically,  there’s  been  a  con¬ 
scious  choice  by  many  vendors  to  “stop  at 
the  edge”  and  leave  the  WAN  to  others. 

While  the  existence  of  stacks  of  WAN 
protocol  building  blocks  has  made  the 
job  easier  today,  vendors  in  the  mid-  to  late 
1990s  venturing  into  the  WAN  had  to  be 
content  with  a  significant  amount  of 
development  that  had  little  in  common 
with  what  they  were  doing  on  the  LAN. 

A  combination  of  aggressive  goals  —  in 
features  to  implement  and  units  sold  — 
caused  many  vendors,  especially  start-ups, 
to  decide  that  the  WAN  wasn’t  worth  the 
trouble.  After  all,  a  branch  office  might 
need  dozens  of  LAN  ports  but  usually 
could  get  by  with  just  one  WAN  port.  And, 
unless  you  could  be  sure  of  providing  the 
headquarters  side  of  the  WAN  connection, 
you  could  find  yourself  embroiled  in  fin¬ 
ger-pointing  with  the  likes  of  Cisco  or 
Nortel  whenever  a  WAN  glitch  occurred. 

So  if  you  look  at  companies  such  as 
Foundry  Networks  and  Extreme 
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—  WAN/LAN  combo  arrives 


one 

Networks,  and,  earlier  companies  like 
Madge  Networks,  they  simply  chose  not  to 
play  in  the  WAN  arena.  So  given  that  dif- 

If  Adtran  is  successful  in 
gaining  not  only  market 
share  against  Cisco  but 
acceptance  of  the  inte¬ 
grated  switch/router, 
others  surely  will  follow. 

ferent  companies  typically  provided  the 
LAN  and  the  WAN  gear  —  or  different  divi¬ 
sions  of  major  players  —  the  “separate 
box”  syndrome  became  the  “standard.” 

Ironically  integrated  LAN/WAN  boxes  are 
nothing  new  —  and  actually  thrive  —  but 
in  a  different  arena.Virtually  all  of  the  small 
office/home  office  gear  you  encounter 
today  and  a  lot  of  low-end  business 
“routers”  provide  LAN  switch  ports.  It  just 


hasn’t  become  de  rigueur  in  the  enterprise. 

If  Adtran  is  successful  in  gaining  not 
only  market  share  against  Cisco  but 
acceptance  of  the  integrated  switch/ 
router,  others  surely  will  follow. 

For  companies  such  as  3Com  that  make 
enterprise-class  gear  in  both  categories, 
integration  should  be  a  snap.  For  compa¬ 
nies  such  as  Larscom  and  Tasman  that  are 
really  focused  on  the  WAN,  the  job  would 
be  a  bit  harder.  And  they  might  be  faced 
with  a  credibility  gap,  given  their  lack  of 
presence  in  the  LAN  switching  space. 

For  other  edge  switch  vendors  a  strong 
acceptance  of  integrated  LAN/WAN 
would  cause  them  to  divert  resources 
from  previously  defined  goals  to  build  a 
hybrid  offering. 

For  managers  of  branch-office  networks, 
“roll  up”  of  features  —  LAN/WAN, security 
suites,  etc. —  can  simplify  their  lives.That’s 
the  theory,  at  least.  This  year  we’ve  got  a 
chance  to  see  how  it  works  in  practice. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Boca  Raton,  Fla.  He  can  be 
reached  at  ktolly@tolly.com. 


RouteScience  gear  now  listens  to  applications 


■  BY  TIM  GREENE 

RouteScience  Technologies  last 
week  announced  upgrades  to  its 
route-optimization  software  that 
the  company  says  will  better 
help  customers  pick  the  best 
Internet  connection  when  there 
is  more  than  one  to  choose  from. 

Until  now,  RouteScience  gear 
made  routing  decisions  based  on 
the  performance  of  ISP  networks, 
but  without  considering  the  needs 
of  individual  applications.  Some 
applications  might  tolerate  packet 
loss,  but  not  jitter;  others  might  tol¬ 
erate  delay  but  not  packet  loss. 

Now  Adaptive  Networks  Soft¬ 
ware  (ANS)  assesses  how  well 
specified  applications  are  per¬ 
forming  and,  if  they  perform  be¬ 
low  set  policies,  changes  the  path 
the  application  takes  to  the  Inter¬ 
net  to  boost  performance.  If  there 
is  no  path  that  boosts  perfor¬ 
mance  to  meet  the  policies,  the 
software  can  notify  IT  staff  to 
take  action. 

Other  route-optimization  ven¬ 
dors  include  Opnix  and  Pro¬ 
ficient  Networks,  the  latter  of 
which  added  application  aware¬ 
ness  last  year. 

RouteScience  gear  sits  on  LANs 
that  have  multiple  Internet  con¬ 
nections  provided  by  more  than 
one  ISP  —  so-called  multi¬ 
homed  sites.  The  equipment  is  a 


peer  to  Border  Gateway  Protocol 
router  and  sends  updates  to  the 
routers  to  select  the  best  route. 
Policies  define  the  best  route 
using  delay,  jitter,  latency  packet 
loss  and  cost  of  the  connection 
as  parameters.  The  software  was 
previously  blind  to  the  needs 
and  performance  of  individual 
applications,  which  can  be  criti¬ 
cal,  the  company  says. 

“Say  we  did  voice  over  the 
Internet,”  says  Scott  Jesters,  senior 
network  engineer  for  Sutter 
Health  hospital  network  based  in 
Sacramento,  Calif.  “We’d  want  to 
do  policy-based  routing  because 
it  could  make  a  huge  difference.” 
Delay  and  jitter  could  make  voice 
traffic  unintelligible.  “End  users 
would  notice  that  it  didn’t  sound 
as  good,”  he  says. 

Sutter  depends  on  Route- 
Science  gear  to  decide  whether  its 
SBC  or  MCI  Internet  connection  is 
working  better.  With  the  new  soft¬ 
ware,  Sutter  also  can  generate 
reports  about  how  well  applica¬ 
tions  are  responding  so  IT  staff 
can  understand  end-user  experi¬ 
ences  with  particular  applica- 
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tions.  These  reports  help  in  plan¬ 
ning  how  to  improve  perfor¬ 
mance,  he  says. 

ANS  is  divided  into  core  soft¬ 
ware  and  application  modules. 
Customers  start  off  with  core 
software  and  at  least  one  of  five 
available  application  modules 
(see  graphic). 

ANS  Version  5  is  available  now. 
The  various  modules  are  priced 
separately  based  on  the  through¬ 
put  they  can  handle.  A  single  mod¬ 
ule  on  a  device  with  500M  bit/sec 
throughput  costs  $30,000.  ■ 


Fine-tuning  for  applications 

RouteScience  modules  configure  its  gear  to  select  the 
best  ISP  for  supporting  specific  applications  and  to  report 
on  how  well  those  applications  perform. 


Module 

Applications  supported 

Enterprise 

Siebel,  Oracle,  PeopleSoft,  i2  and  others. 

Web 

IBM  WebSphere,  BE  A  and  other. 

Voice  over  IP 

Avaya,  Nortel,  Cisco. 

Realtime  Multimedia 

Polycom  and  others. 

Streaming  Media 

RealNetworks  and  others. 

Veritas  updates  storage  mgmt.  software 


■  BY  DENI  CONNOR 

Veritas  Software  has  enhanced 
its  CommandCentral  storage 
management  software  and  ser¬ 
vices  to  give  customers  a  portal 
from  which  they  can  view  storage 
consumption  and  manage  ser¬ 
vice  levels  and  costs. 

The  company  rolled  out  Com¬ 
mand  Central  Storage  4.0  and 
Command  Central  Availability  4.0 
and  will  now  let  users  access  its 
management  products  via  a  Web- 
based  console.  With  Command 
Central  Storage  4.0,  Veritas  will 
meld  the  storage-area  network 
management  of  its  own  SANFbint 


Control  with  the  storage  resource 
management  (SRM)  of  its  Storage 
Reporter.  SRM  helps  customers 
cut  out  wasted  storage  hardware 
purchases. 

With  the  Availability  4.0  pack¬ 
age,  users  can  view  storage  and 
server  clusters,  and  it  lets  cus¬ 
tomers  monitor  operational  con¬ 
trol  so  service-level  agreements 
can  be  met.  CommandCentral 
Availability  assures  that  applica¬ 
tions  are  highly  available  and 
increases  IT  staff  productivity 

Further,  the  company  detailed  a 
road  map  for  the  integration  of 
the  Ejasent  products  it  acquired 
in  January.  Veritas  will  introduce 


MicroMeasure,  software  that 
allows  usage-based  metering  of 
storage  and  charge-back  billing. 
By  year-end,  MicroMeasure  is 
scheduled  to  be  available  as  part 
of  a  future  version  of  Command- 
Central  Service.  Ejasent’s  UpScale, 
which  lets  applications  move 
from  one  server  to  another  with¬ 
out  disruption,  will  be  added  to 
Veritas  Cluster  Service  in  the  first 
half  of  2005. 

CommandCentral  Storage  4.0, 
CommandCentral  Availability  4.0 
and  CommandCentral  Service  4.0 
are  expected  to  be  available  in 
July. The  individual  modules  start 
at  $20,000.  ■ 


What  not  having  a 
Linux  strategy  can  take  out 
of  your  bottom  line. 


If  you're  paying  unreasonable  licensing  fees  for  software  that  constantly  needs  security  patches,  you're  getting  eaten  alive.  But  there's  a  solution.  With  SUSE®  LINUX,  Novell*  can  help  you  unleash  the  cost-saving  power 
of  a  flexible,  end-to-end  open  source  strategy.  Only  Novell  supports  Linux  from  desktop  to  server,  across  multiple  platforms.  We'll  integrate  our  industry-leading  security,  management  and  collaboration  tools  seamlessly 
into  your  environment.  We'll  provide  award-winning  technical  support  24/7/365,  and  train  your  IT  staff  to  deploy  Linux-based  solutions.  And  we'll  make  sure  your  open  source  strategy  actually  meets  your  number-one 
business  objective  -  making  money.  Call  1-800-51 3-2600  to  put  some  teeth  back  into  your  tech  strategy,  or  visit  www.novell.com/linux  ©  we  speak  your  language. 
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Wireless  mgmt.  wares  on  tap  at  N+l 

Symbol  and  Netmotion  Wireless  packages  designed  to  ease  control  of  large  mobile  environments. 


■  BY  JOHN  COX 

Letting  users  better  manage  their  wireless 
and  mobile  computing  environments  will 
be  a  prime  focus  for  new  vendor  products 
at  this  weeks  NetWorld+lnterop  2004  Las 
Vegas  show 

For  example,  Symbol  Technologies  will 
unveil  a  wireless  LAN  (WLAN)  manage¬ 
ment  product  —  the 
Symbol  Mobility  Services 
Suite  (MSS)  —  which  is  a 
set  of  management  pro¬ 
grams  designed  to  work 
together,  with  a  Web- 
based  GUI. 

The  package  includes  Symbol’s  existing 
WLAN  management  products,  such  as 
AirBeam  Manager,  but  adds  a  battery  of 
new  features,  a  new  GUI  and  a  unique 
package:  The  software  comes  loaded  on  a 
rack-mounted  IBM  eServer.  Also  new  are 
bits  of  code,  called  agents,  which  run  on 
the  wireless  clients,  access  points  and 
switches  to  be  managed. 

The  Web  GUI,  accessible  via  any  Web 
browser,  ties  the  programs  together,  and  lets 
administrators  visually  sort  the  WLAN  ele¬ 
ments,  including  users,  by  groups,  locations, 
userclasses.applications  and  other  criteria. 
Using  the  Web  screens,  administrators 
reconfigure  devices,  update  their  software, 
and  monitor  and  analyze  radio  signals. 

Using  the  Web  screens  tabs,  for  example, 


an  administrator  can  see  the  status  of  the 
access  points  at  a  given  location  or  the  soft¬ 
ware  version  of  an  inventory  control  appli¬ 
cation  on  all  wireless  handhelds  issued  to 
warehouse  staffers. 

The  agents  are  a  vital  part  of  the  new 
management  product.  They  monitor  a 
range  of  functions  on  devices.  When  the 
agents  find  an  anomaly  or  specific 
change,  they  send  an 
alert  back  to  the  MSS 
management  console.  An 
SNMP  trap  can  pass 
these  alerts  back  to  an 
enterprise  management 
system  such  as  Computer  Associates 
Unicenter  or  HP  Openview. 

The  agents  also  make  it  possible  to  moni¬ 
tor  the  results  of  scheduled  software  instal¬ 
lations,  such  as  a  new  application  version 
or  a  patch. 

Future  releases  of  Symbol’s  WLAN 
switches,  thin  access  points  and  PocketPC- 
based  handhelds  will  ship  with  the  agents 
already  loaded.  For  now,  customers  can 
add  the  software  to  WLAN  devices  like  any 
other  software  update,  says  Gary  Kovacs, 
Symbol’s  senior  director  of  product 
management. 

Version  2.0  of  MSS,  due  out  later  this  year, 
will  have  additional  agents,  some  from 
partners,  for  a  growing  range  of  other 
client  devices,  and  access  points  typically 
found  in  enterprise  wireless  deployments, 
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such  as  older  DOS-based  bar  code  scan¬ 
ners  and  PalmOS  PDAs. 

A  tool  set,  MSS  Studio,  can  be  used  to 
build  custom  management  applications 
that  can  run  on  various  operating  systems. 

The  first  version  of  MSS  will  ship  in  June 
and  will  be  showcased  at  N+I. Symbol  had 
not  released  pricing. 

Meanwhile,  Netmotion  Wireless  has 
reworked  its  device  management  soft¬ 
ware  to  support  thousands  of  mobile 
devices  in  the  enterprise.  The  original 
client-server  software  includes  a  built-in 
VPN,  single  sign-on  and  a  program  to  cre¬ 
ate  and  administer  access  and  connec¬ 
tion  policies  for  mobile  users. 

Renamed  Mobility  XE,the  new  release  for 
the  first  time  runs  on  more  than  one  server. 
This  capability  lets  the  software  balance 
the  management  load  over  two  or  more 
machines,  and  automatically  shift  loads 
among  the  servers  if  one  of  them  fails  or 
has  to  be  shut  down. 

Netmotion  added  a  new  component, 
called  Mobility  Warehouse,  which  is  a  dis¬ 
tributed  directory  that  can  store  millions  of 
configuration  settings  for  servers  and 
clients.  Previously  this  data  was  stored  in 
the  Windows  Registry  of  a  single  machine. 
Mobility  Warehouse,  which  is  based  on 
Sun’s  Lightweight  Directory  Access  Proto¬ 
col  SunOne  Directory  Server,  can  handle 
more  settings  and  distribute  them  across 
multiple  servers. 


“The  Web  interface  is  really  simple  to  nav¬ 
igate.  Clicking  on  the  different  tabs  gets  me 
different  views  [of  the  net]  or  activates  dif¬ 
ferent  functions,”  says  Gus  Menoudakis,  fire¬ 
wall  and  network  administrator  for 
Diamond  Cluster  International,  a  Chicago 
management  consulting  company. 

Menoudakis  rates  this  feature  highly, 
along  with  the  high-availability  capability. 

For  small  to  midsize  deployments,  pricing 
starts  at  $15,000  for  100  users.  Additional 
user  licenses  range  from  $1 10  to  $140  each, 
depending  on  the  volume.  A  second  server 
license  is  $5,000.  For  large  corporations, 
1 ,000-user  licenses  and  unlimited  servers  is 
$1 05,000.  ■ 


More  online! 

In  this  Webcast,  Craig  Mathias,  principal  at  Farpoint 
Group,  leads  you  through  the  pros  and  cons  of  wire¬ 
less  networking.  Mathias  keynoted  Network  World's 
Wireless  LANs  Technology  Tour  and  shares  highlights 
from  his  presentation. 
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Aventail  boosts  VPN  control  package 


■  BY  PAUL  ROBERTS 

Aventail  last  week  unveiled  new  Secure 
Sockets  Layer  VPN  software  that  promises 
to  help  users  clean  up  files  on  client 
machines,  make  it  easier  to  create  access- 
control  policies  and  prevent  unsecure 
clients  from  logging  on  to  networks. 

The  company  rolled  out  Anywhere 
Secure  Access  Fblicy  (ASAP),  the  technol¬ 
ogy  platform  used  for  Aventails  EX-1500 
SSL  VPN  appliance.  The  package  lets  man¬ 
agers  create  and  deploy  user-access  poli¬ 
cies  and  configure  client  options.  Among 
other  changes,  ASAP  7.1  improves  Aven- 
tail's  Cache  Control  feature,  which  removes 
data  sent  to  remote  clients  during  SSL  VPN 
sessions  after  those  sessions  have  ended, 
says  Sarah  Daniels,  vice  president  of  prod¬ 
uct  management  and  marketing  at 
Aventail. 

Aventails  products  have  long  cleaned 
temporary  files,  e-mail  file  attachments, 
cookies,  Web  pages  and  other  data  left  on 
machines.  The  new  software  is  more  thor¬ 
ough  in  searching  out  data  that  is  tem¬ 
porarily  stored  by  Microsoft’s  Internet 
Explorer  Web  browser  during  SSL  VPN  ses¬ 
sions.  The  new  Cache  Control  feature  is 
thorough  enough  in  removing  data  to  com¬ 
ply  with  the  U.S.  Department  of  Defenses 
clearing  and  sanitizing  standard,  known  as 
DoD  5220.22-M,she  says. 

An  optional  feature,  called  Aventail 
Secure  Desktop,  provides  even  more- 
secure  handling  of  SSL  VPN  data  by  creat¬ 


ing  a  virtual  workspace  and  temporary,  en¬ 
crypted  “vault”  on  client  machines  where 
session  data  is  downloaded  and  stored. 
The  workspace  and  vault  are  destroyed  at 
the  end  of  each  session,  erasing  any  data 
stored  there,  Aventail  says. 

Aventail  also  improved  the  policy  man¬ 
agement  features  in  ASAP  7. 1 .  Previous  ver¬ 
sions  of  ASAP  required  administrators  to 
write  access  policies  using  a  complex  syn- 


lessly  with  Aventails  EX-1500  appliance  to 
inspect  remote  clients  for  virus  infections 
or  the  presence  of  spyware  or  Trojan  horse 
programs  before  letting  users  establish  an 
SSL  VPN  connection,  Daniels  says. 

SSL  VPNs  are  an  increasingly  popular 
technology  for  providing  remote  users 
with  access  to  network  resources  such  as 
e-mail,  software  applications  and  network 
file  servers.  As  opposed  to  VPNs  that  use 


Aventail  now  faces  competition  from  a  number  of 
technology  companies,  including  established  play¬ 
ers  in  the  network  equipment  market  such  as  Cisco. 


tax.  A  new  user  interface  and  an  object- 
based  policy  model  in  Version  7.1  let 
administrators  browse  Lightweight 
Directory  Access  Protocol,  Microsoft  Active 
Directory  or  RADIUS  directories  to  select 
users,  user  groups  or  policies,  automatical¬ 
ly  building  the  policy  language. 

The  new  management  feature  will  speed 
the  creation  of  access  policies  and  reduce 
typos  and  other  user  errors,  Daniels  says. 

Finally,  Aventail  says  it  is  partnering  with 
three  companies  to  help  its  customers 
secure  their  networks  from  vulnerable  or 
compromised  SSL  clients.  Aventail  is  inte¬ 
grating  support  for  Zone  Labs’  Clientless  PC 
Security  and  WholeSecurity’s  Confidence 
Online  products.  Customers  using  those 
products  will  be  able  to  use  them  seam- 


IPSec,  SSL  VPNs  rely  on  the  SSL  protocol, 
which  is  a  part  of  most  common  Web 
servers  and  Web  browsers  and  is  widely 
used  to  secure  e-commerce  transactions. 
As  a  result,  SSL  VPNs  are  typically  “client¬ 
less,”  meaning  they  do  not  require  a  sepa¬ 
rate  software  application  to  be  installed  on 
the  remote  user’s  machine.That  lets  remote 
users  securely  connect  to  networks  from 
any  computer  with  an  Internet  connection 
and  a  Web  browser. 

An  early  leader  in  the  market  for  SSL  VPN, 
Aventail  now  faces  competition  from  a 
number  of  technology  companies,  includ¬ 
ing  established  players  in  the  network 
equipment  market  such  as  Cisco,  which 
added  SSL  VPN  features  to  its  VPN  3000 
Series  Concentrator  in  November. 


In  recent  weeks,  Aventail  and  MCI  an¬ 
nounced  they  will  partner  to  deliver  SSL 
VPN  technology  and  Aventail  plans  to  in¬ 
troduce  new  features  to  its  Remote  Access 
suite  of  services,  including  technology  to 
detect  online  fraud  and  scramble  user 
passwords  sent  over  MCI’s  global  network. 

Aventail  has  not  seen  any  decrease  in 
business  as  a  result  of  new  competition 
from  Cisco  and  others,  according  to 
Daniels.  She  says  Aventails  head  start  in 
developing  SSL  VPN  products  will  keep 
the  company  safe  from  competition  in  the 
short  term.  In  the  long  term,  Aventail  must 
continue  to  innovate  and  be  a  technology 
leader  to  survive,  she  says. 

Roberts  is  a  correspondent  with  the  IDG 
News  Service ’s  Boston  bureau. 


More  online! 

There’s  a  lot  to  know  about  how  SSL  VPNs  can  help 
you  offer  secure  remote  access  across  the  enterprise, 
For  the  latest  information  and  expert  insight,  tune 
into  our  IT  Briefing  Webcast  featuring  Senior  Editor 
Tim  Greene. 
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When  business  losses  are  measured  in  seconds, 
preemption  beats  “ reaction  ”  every  time. 


Internet  Security  | Systems* 

Ahead  of  the  threat. 


TIME 


ISS  PREEMPTS  THE  THREAT.  OTHERS  REACT  TO  IT. 


The  only  effective  security  is  preemption.  This  preemptive  power  is  only  available  with  the  Proventia'”  Security  Platform  from  Internet 
Security  Systems.  When  software  security  flaws  are  discovered,  Internet  Security  Systems’  world-renowned  research  team  updates  Proventia 
to  immediately  shield  against  any  attacks  targeting  weak  spots.  Regardless  of  the  size  of  your  business,  this  new  standard  in  Internet 
security  can  help  keep  you  off  the  path  to  disaster  and  reduce  your  total  cost  of  ownership  -  In  fact,  when  we  manage  Proventia  for  you, 
we'll  even  guarantee  protection.  Need  proof?  Get  your  free  whitepaper,  Preemptive  Protection:  Setting  a  New  Standard  in  Security,  at 
www.iss.net/proof/whitepaper  or  call  800-776-2362. 
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Why  was  it  important  for  Extreme 
to  get  into  wireless? 

i  used  to  look  at  it  and  say’Well 
if  your  network  is  already  wired, 
why  do  [wireless]?’ The  value  in 
wireless  is  new  kinds  of  devices 
being  connected  to  the  net- 
work.That  makes  it  very  different 
from  wired  Ethernet  and  creates 
different  challenges.  It’s  not  terri¬ 
bly  hard  to  authenticate  a  wire 
less  laptop  today  but  how  do 
you  authenticate  a  piece  of 
medical  equipment?  Or  authen¬ 
ticate  a  camera  or  a  thermostat 
on  the  wall?  If  you  look  at  it  that 
way  1  think  wireless  is  very  strate¬ 
gic  to  us.  It’s  going  to  happen  in 
a  big  way  For  me,  wireless  was  a 
very  strategic  investment  and 
critical  to  being  able  to  continue 
to  be  the  alternative  to  Cisco  in 
the  large  enterprise. 


If  users  will  move  to  best-of-breed 
products,  there  are  hundreds  of 
wireless  start-ups  to  choose  from. 
Does  that  scare  you? 

There  are  hundreds  of  start¬ 
up  companies  in  wireless. 
There  are  too  many  and  there 
are  too  many  by  many  times. 
But  there  are  some  interesting 
areas  that  people  have 
addressed  niches.  I  frankly 
think  that  a  lot  of  people 
doing  the  wireless  switches 
don’t  really  have  any  unique 
capabilities,  and  ultimately 
they  will  become  subsumed 
by  the  incumbent  vendors.  We 
have  a  solution  that  may  not 
do  100%  of  what  every  wireless 
switch  vendor  does,  but  it  does 
90%  and  it  will  do  the  other 
10%  in  six  months.  We  may  be 
a  little  bit  behind  at  any  given 
time,  but  not  for  very  long. 
Ultimately  what’s  key  there  is 
integrating  with  the  wired  net¬ 
work.  If  you  look  at  voice  over 
wireless  over  IRyou  look  at 


someone  roaming  and  discon¬ 
necting  his  laptop. You  want  a 
single  unified  interface.  People 
don’t  want  to  have  two  con¬ 
soles.  If  we’re  going  to  go  to  an 
integrated  voice/data  network 
to  get  away  from  the  manage¬ 
ment  of  both,  we’re  certainly 
not  going  to  separate  them 
again  and  have  a  wireless  and 
wired  access  for  clients. 

That  said,  there  are  opportuni¬ 
ties  and  other  areas  where  there 
is  value,  for  example  location 
services.  Some  of  the  [radio  fre¬ 
quency]  design. There  is  going 
to  be  a  lot  of  interesting  ways 
people  are  doing  roaming. 
There  will  be  some  interesting 
technologies  from  some  of 
these  start-ups  that  will  become 
more  widely  used. 

What  is  the  climate  for  enterprise 
IT  spending? 

If  you  look  at  the  enterprise, 
it’s  tough  to  forecast  spending.  I 
read  all  these  reports  from 
financial  analysts  and  industry 


analysts.  It’s  tough  to  say  what 
this  year’s  going  to  be  like,  other 
than  to  say  that  there  is  a  lot  of 
activity  But  I  think  buying  habits 
have  changed  forever.  Band¬ 
width  and  speeds  and  feeds  — 

I  think  that’s  old  news,  like  I 
said.  I  don’t  think  you’re  going 
to  see  people  going  out  saying, 

‘I  need  something  faster  It’s 
going  to  be  driven  by  a  change, 
likely  a  business  change. 

What  areas  in  Extreme's  research 
and  development  are  you  excited 
about? 

Looking  back  over  the  last 
couple  of  years,  [ExtremeWare] 
XOS  was  more  than  a  three-year 
effort,  so  a  lot  of  effort.The  new 
BlackDiamond  10K  in  Decem¬ 
ber,  which  uses  our  4GNSS  tech¬ 
nology  that  was  a  three-year 
investment  in  ASICs,  a  very 
complex  system  with  a  lot  of 
carrier-type  capabilities.  So  if 
you  look  at  all  that,  those  have 
been  big  investments.There  are 
follow-on  investments,  clearly.  I 


think  you’ll  see  more  emphasis 
on  software  and  XOS  capabili- 
ties.The  other  area  is  unified 
access,  which  is  again  mostly 
software,  although  we  do  a  fair 
amount  of  RFWe’ll  look  at  really 
filling  out  the  capabilities  of 
XOS  and  making  partnerships 
there. 

As  you  move  more  toward  soft¬ 
ware,  does  that  take  away  from 
your  hardware  R&D? 

We  can  do  both.  In  our  stack- 
ables,  we’ve  moved  to  merchant 
silicon  in  all  of  the  new  prod¬ 
ucts  we’ve  introduced  in  the 
last  six  to  nine  months.  Because 
for  that  type  of  product,  that 
functionality  is  good  enough. 
The  focus  on  our  ASICs  is  on 
the  core  of  the  network  and  the 
aggregation  layer.  We’re  not  try¬ 
ing  to  build  ASICs  for  all  levels 
of  the  network.  Our  focus  is  on 
the  core.  We  have  a  lot  more 
software  folks  as  a  percentage 
today  than  we  did  than  a  few 
years  ago.  ■ 


The  iSCSI  bandwagon 

A  sampling  of  recent  iSCSI  product  announcements. 


Company 

Product 

Description 

Price 

ADIC 

Scalar  tape 
libraries 

Lets  tape  library  connect  to 
an  iSCSI  network. 

Starts  at  $15,000 

American 

Megatrends 

StorTrends  iTX 
iSCSI 

Connects  servers  to  storage 
via  iSCSI. 

Starts  at  $7,000 

DataCore 

SanMelody 

Turns  servers  into  iSCSI  disk 
arrays. 

Starts  at  $1,000 

FalconStor 

ISCSI  Storage 
Server 

Lets  a  Windows  Storage 
Server  use  iSCSI. 

Starts  at  $2,000 

Snap 

GuardianOS3.0 

Lets  Snap  Server  NAS 

Included  with  its 

Appliance 

operating  system 

devices  run  iSCSI. 

Snap  NAS 
appliances 

ISCSI 

continued  from  page  21 

the  blades,  which  have  the  Microsoft  iSCSI 
LAN  driver  installed. 

The  iSCSI  allure 

Thomas  Reynolds,  senior  executive  direc¬ 
tor  for  IS  and  technology  at  ldenix 
Pharmaceuticals  in  Cambridge,  Mass.,  also 
saw  the  allure  of  iSCSI. 

Like  Walters,  Reynolds,  who  has  12 
Windows  2000  servers  running  Microsoft 
Exchange,  was  skeptical  of  the  vendors’ 
claims  of  easy  installation. 

Reynolds  wanted  a  highly  available  net¬ 
work  with  no  planned  downtime.  He 
installed  LeftHand’s  iSCSI  Network  Storage 
Module,  which  contains  Advance  Technol¬ 
ogy  Attachment  storage.  The  Network 
Storage  Modules  connects  to  the  IP  net¬ 
work;  servers  on  the  network  can  access 
information  via  iSCSI. 

“We  couldn’t  invest  money  in  SANs, so  we 
chose  iSCSI  because  it  is  less  expensive,” 
Reynolds  says.  He  runs  iSCSI  traffic  on  sep¬ 
arate  segments  of  the  IP  network  from  net¬ 
work  traffic. 

Michael  Davies,  chief  implementation 
officer  for  satellite  communications 
provider  Sawtel  in  Hartford,  Conn.,  is 
deploying  iSCSI  for  8,000  clients.  He  uses 
Adaptec  iSCSI  host  bus  adapters  to  con¬ 
nect  his  servers  to  storage. 

Although  iSCSI  performs  at  only  the 
speed  of  the  underlying  Ethernet  network, 
Davies  says  the  performance  of  it  was  just 
fine  compared  with  Fibre  Channel’s  2G 
bit/sec. 

“ISCSI  was  ideal  —  about  a  sixth  the  cost 


of  deploying  a  SAN,”  Davies  says.’The  iSCSI 
solution  performs  very  well.  Data  through¬ 
put  was  very  high  —  90M  to  100M  bytes  per 
second.” 

Robert  Bellanti,  vice  president  of  data 
center  engineering  for  KeyBank  National 
Association  in  Albany,  N.Y,  is  another  fan  of 
the  low-cost  technology 

“ISCSI’s  on  our  radar  screen,”  says 
Bellanti,  who  has  not  yet  deployed  iSCSI. 
“The  challenge  of  the  [Fibre  Channel]  SAN 
is  that  host  bus  adapters  are  more  expen¬ 
sive  [than  iSCSI],  and  deploying  SANs 
snowballs  the  expense.  We  are  looking  at 
less-expensive  options.” 

Bellanti  has  40T  to  50T  bytes  of  direct- 
attached  storage  in  his  network  and  50T 
bytes  of  SAN-attached  storage  on  EMC 
Clariion  and  Clariion  boxes,  and  HP 
Enterprise  Virtual  Arrays  and  Enterprise 


Modular  Arrays. 

Analysts  say  that  one  of  the  biggest  dri¬ 
vers  of  iSCSI  adoption  is  Microsoft’s  release 
of  an  iSCSI  driver  last  year. 

“ISCSI  deployments  are  still  relatively 
recent,” says  Randy  Kerns, senior  partner  for 
analyst  firm  The  Evaluator  Group. 
“Windows  is  the  sweet  spot  right  now  for 
iSCSI  with  Exchange  and  SQL  Server” 

The  Microsoft  connection 

Microsoft’s  endorsement  of  iSCSI  was  a 
boon  to  Network  Appliance,  whose  users 
can  now  install  Exchange  and  SQL  Server 
on  the  company’s  network-attached  stor¬ 
age  devices  and  receive  application  sup¬ 
port  from  Microsoft. 

“A  lot  of  applications  such  as  SQL  Server 
and  Exchange  [are  written  to]  require 
direct-attached  storage  and  iSCSI  allows 


that,”  says  Mike  Casey  director  of  technical 
operations  for  Cross  Country  Healthcare  in 
Boca  Raton,  Fla.  Casey  has  two  Network 
Appliance  FAS940c  clusters. 

Although  users  are  generally  moving 
away  from  direct-attached  storage,  The 
Yankee  Group  estimates  that  some  40% 
of  storage  still  is  attached  directly  to 
servers. 

“We  have  an  IBM  SAN  and  looked  at  the 
cost  and  performance  associated  with  it, 
but  we  found  the  administration  was  so 
much  easier  on  iSCSI,”  Casey  says.  “The 
iSCSI  host  bus  adapters  are  typically  a  third 
of  the  cost  of  Fibre  Channel. The  cabling  is 
all  Category  5.  The  switches  are  a  fraction 
of  the  cost.” 

* 

On  the  dark  side 

Analysts  say  that  despite  user  enthusiasm, 
there  are  downsides  to  the  technology 

“Other  than  Network  Appliance,  there 
are  no  major  storage  system  vendors  that 
support  iSCSI,”  says  Tony  Asaro,  senior 
analyst  for  Enterprise  Storage  Group.  He 
says  although  EMC’s  DMX  array  supports 
iSCSI,  it  is  too  big  and  powerful  a  box  to 
house  less  business-critical  applications. 

Asaro  says  that  his  firm  knows  of  more 
than  450  iSCSI  production  SANs.  Network 
Appliance  claims  100  of  them. 

“Like  any  technology  there  is  an  adoption 
curve  that  takes  time  for  the  mainstream  to 
embrace,”  Asaro  says.“As  the  storage  system 
leaders  begin  to  support  iSCSI  across  all 
their  product  lines,  more  customers  will 
consider  it  as  being  a  viable  choice.” 

IDC  says  that  the  iSCSI  market  will  boom 
from  more  than  $1  billion  this  year  to  $5 
billion  in  2007.  ■ 
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Spirit  of  Service 
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Qwest  iQ  Networking"  Qwest  iQ  Networking  is  a  suite  of  WAN  services  with  domestic  and  international  availability  depending  on  services  selected.  Recurring  fees  vary  depending 
o  '  sen  ices  ordered.  Add  tionai  equipment  may  be  required.  All  trademarks  are  the  property  of  Qwest  Communications  International  Inc.  ©2004  Qwest.  All  rights  reserved. 
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ADVERTISEMENT 


Finisar  Receives  Frost  &  Sullivan 
Market  Leadership  Award 


FROST  &  SULLIVAN 


Citing  it’s  dominant  market  presence 
and  strategic  focus  on  technology,  Frost  & 
Sullivan  has  awarded  Finisar  Corp.  its 
2004  Award  for  Market  Leadership  in  the 
Fibre  Channel  Test  Equipment  market.  The 
Mountain  View,  Calif.-based  research  firm 
presents  its  Market  Leadership  Award  to 
those  companies  that  have  garnered  signif¬ 
icant  market  share  through  a  combination 
of  superior  strategy  and  demonstrated 
leadership  qualities. 

“With  a  compelling  45  percent  market 
share  in  the  fibre  channel  test  arena,  to 
say  that  Finisar  dominated  the  market 
in  2003  would  clearly  be  an  understate¬ 
ment,”  said  Sankar  Prakash,  Analyst, 
Communication  Test  Practice  for  Frost  & 
Sullivan.  “Finisar  has  established  itself  as  a 
leading  player  due  to  its  ability  to  offer 
comprehensive  products  and  integrated 
solutions.” 

Despite  the  recent  downturn  in  the 
communications  industry,  Finisar  continued 
to  invest  in  the  development  of  fibre  channel 
test  equipment  and  grew  its  product  line, 
noted  Prakash.  He  added  that  Finisar  “had 
a  tremendous  insight  about  the  market”  by 
developing  its  Xgig  Analyzer  System  for  the 


“Finisar  has  established  itself  as 
a  leading  player  due  to  its  ability 
to  offer  comprehensive  products 
and  integrated  solutions.” 


burgeoning  storage  area  network  (SAN] 
market,  where  fibre  channel  is  frequently 
deployed.  With  Finisar’s  recent  launch  of 
products  in  the  4  and  10  Gigabyte  range, 
the  Xgig  line  provides  “a  complete  range  of 
testing  products  for  the  fibre  channel 
arena,”  Prakash  said. 


Finisar’s  Xgig  Analyzer 
System  consists  of  both  hard¬ 
ware  and  software.  Targeted 
at  the  overall  SAN  market, 
Xgig  supports  both  fibre 
channel  and  Gigabit  Ethernet 
interfaces  as  well  as  emerging 
SAN  protocols  such  as  iSCSI 
and  FCIR  Xgig’s  hardware  is 
complemented  by  a  software  component, 
Expert,  a  diagnostic  knowledge  base  that 
analyzes  the  Xgig  data  and  flags  a  variety 
of  errant  behaviors,  making  it  easy  for 
enterprise  SAN  managers  to  pinpoint 
problems. 

“We  designed  our  products  to  find  the 
root  cause  of  a  problem.  Expert  helps  to 
troubleshoot  the  problem  once  it’s  found 
and  is  analogous  to  having  an  in-house  fibre 
channel  expert,”  notes  Dr.  Brian  Staff,  Vice 
President  of  Marketing  for  Finisar’s 
Network  Tools  group. 

For  higher-level  SAN/LAN  monitoring, 
Finisar  also  offers  NetWisdom,  a  real-time 
performance  monitoring  application  for 
both  fibre  channel  SANs  and  Ethernet 
LANs.  Finisar’s  LAN  tools  include  the  THG 
(Ten,  Hundred,  Gigabit]  Ethernet  analyzer 
and  monitor  and  the  Surveyor  protocol 
and  analysis  software,  which  works  in 
conjunction  with  THG  to  provide  a  compre¬ 
hensive  view  into  the  network.  A  version  of 
the  Expert  knowledge  base  is  also  available 
for  use  with  THG/Surveyor. 

Frost  &  Sullivan  credited  Finisar’s 
strong  market  presence  to  its  vertical 
product  strategy,  which  encompasses 
providing  test  tools  for  customers  all  along 
the  SAN  market  chain,  from  the  research 
and  development  labs  and  manufacturing 
arms  of  major  SAN  vendors  such  as 
IBM,  Hewlett-Packard,  Cisco  Systems,  and 
Brocade  Communications  Systems,  to  SAN 
managers  in  enterprises  such  as  financial 
institutions,  healthcare  organizations,  and 
retail  establishments. 

“If  you’re  an  enterprise  running  a  SAN, 
chances  are  extremely  high  that  every 
component  in  that  SAN  has  been  tested  by 
a  Finisar  device,”  notes  Finisar’s  Staff.  He 
adds  that  SAN  vendors  use  Finisar  test 
equipment  in  the  development  of  their 
products  as  well  as  equip  their  service  and 
support  staffs  with  the  tools.  Because 


R&D  labs  are  part  of  its  customer  base, 
Finisar  is  often  first  to  market  with  key 
capabilities,  such  as  higher  speed 
interfaces,  higher  port  counts,  and  new 
protocols,  in  order  to  meet  the  needs  of 
these  early  adopters,  says  Staff.  Finisar  is 
the  first  test  maker  to  support  4  and  10 
Gigabyte  fibre  channel  interfaces,  for 
example,  and  offers  the  highest  port 
count,  with  64  interfaces  vs.  32  for  the 
nearest  competitor,  according  to  Staff. 

“If  you’re  an  enterprise  running 
a  SAN,  chances  are  extremely 
high  that  every  component  in 
that  SAN  has  been  tested  by 
a  Finisar  device.” 


Although  new  test  tools  and  features 
are  initially  aimed  at  developers,  Staff  says 
Finisar  understands  the  requirements  for 
enterprise  data  center  and  network 
managers  and  has  developed  specific 
products,  such  as  NetWisdom,  geared  to 
these  customers.  Staff  also  attributes 
Finisar’s  success  to  its  commitment  to 
enhancing  and  maintaining  its  products. 
“We  offer  investment  protection,”  he  notes. 
“We  maintain  our  products  for  very  long 
periods,  and  we’re  constantly  upgrading  our 
software  and  overall  product  line.  People 
know  we’re  going  to  be  around.” 

Although  Frost  &  Sullivan  concentrated 
its  focus  on  the  fibre  channel  market  in 
conferring  its  leadership  award  on  Finisar, 
Prakash  notes  that  Finisar. offers  more 
broad-based  test  solutions.  He  anticipates 
that  this  product  range,  coupled  with 
strategic  initiatives,  will  enable  Finisar  to 
increase  its  share  of  the  SAN  and  LAN 
test  markets. 


Sponsored  by 


Finisar  Corporation 


For  More  Information  Visit  www.finisar.com 


Without  SAN  monitoring,  downtime  is 
stealing  from  your  business. 

Reduce  your  exposure  to  the  risks  associated  with  SAN  downtime.  Get  NetWisdom  and 
Xgig  Analyzer,  the  SAN  monitoring  and  analysis  tools  that  identify  catastrophic  events 
before  they  shut  your  network  down.  SAN  failure  occurs  after  an  accumulation  of  invis¬ 
ible  errors.  Finisar’s  NetWisdom  and  Xgig  Analyzer  proactively  identify  and  troubleshoot 
network  errors,  reducing  business  losses,  technology  costs,  and  customer  service  voids. 

Research  shows  that  SAN  downtime  can  cost  organizations  $100,000  per  minute,  or 
more.*  NetWisdom  and  Xgig  help  you  avoid  these  costs  by  conducting  accurate  perfor¬ 
mance  tuning  and  capacity  planning. 

When  data  stops  moving,  so  do  the  dollars.  Be  part  of  the  solution:  monitor  your  SAN  with 
Finisar  network  tools  and  stop  degradation,  CRC  errors  and  events  that  can  impact  your 
most  critical  business  data  and  transactions. 

View  our  web  seminar,  including  a  customer  case  study  and  demo  of  NetWisdom  by  visiting 

www.finisar.com/risk 


Finisar 


Finisar  has  been  speeding  up  networks  and 
delivering  best-of-breed  products  and  testing 
solutions  since  1988.  Finisar  was  the  recipe 
ent  of  the  2004  Frost  &  Sullivan  Award  for 
Market  Leadership  in  the  fibre  channel  test 
equipment  market.  NASDAQ:  FNSR. 


‘Source:  Fabric  Computing:  Beyond  the  N-tier  Data  Center,  RBC  Capital  Reports  Oct  2003 
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111  ups  the  ante  on  Power  servers 


■  BY  ANN  BEDNARZ 

IBM  has  been  busy  readying  the  next  generation  of  its 
high-end  Power  microprocessor,  and  while  it  takes  a 
different  design  approach  than  previous  generations, 
the  goal  is  the  same:  enabling  bigger,  faster  servers  that 
can  simultaneously  run  multiple  application  environ¬ 
ments  and  operating  systems. 

Due  to  make  its  first  appearance  in  a  pair  of  midrange 
servers  next  month,  Fbwer5  is  the  latest  addition  to  IBM’s 
64-bit  microprocessor  family.  Among  the  highlights  of  the 
chip  are  new  simultaneous  multithreading  technology 
and  improved  server  partitioning  that  analysts  say  could 
yield  35%  performance  gains. 

The  first  Power5-based  servers  will  have  up  to  four 
processors.  Later  this  year,  IBM  plans  to  announce  Power5 
servers  with  up  to  32  dual-core  processors,  capable  of 
executing  up  to  128  threads,  or  application  workloads. 
That’s  quadruple  the  size  of  IBM’s  high-end  p690  Regatta 
server. The  gains  are  made  possible  by  providing  more 
cache  closer  to  the  processor,  which  reduces  interchip 
traffic,  and  moving  the  memory  controller  onto  the 
Power5  chip,  IBM  says. 

To  execute  its  new  high-end  processor  design,  IBM  has 
its  new  chip-making  digs:  Last  year,  the  company  spent 
more  than  $2.5  billion  to  upgrade  its  semiconductor  man¬ 
ufacturing  and  development  facility  in  East  Fishkill,  N.Y 
After  the  renovation,  IBM  reorganized  on  the  corporate 
side.  In  January  IBM  announced  plans  to  fold  the  technol¬ 
ogy  group,  which  centers  on  its  semiconductor  business, 
into  the  systems  group  —  a  key  consumer  of  Power  chip 
technology 

With  the  new  chip  technology  upgraded  facility  and 
new  corporate  structure,  IBM  aims  to  reverse  a  trend  of 
declining  revenue  for  its  semiconductor  business.  IBM’s 
technology  group  saw  revenue  drop  27%  over  year-earlier 
figures  to  $2.9  billion  in  2003.  In  2002,  revenue  fell  24%  to 
$3.9  billion.  In  its  annual  report,  Big  Blue  attributes  the 
2003  decline  to  actions  taken  in  2002  to  refocus  its  micro¬ 
electronics  business  on  high-end  chips,  ASICs  and  stan¬ 
dard  products,  and  sluggish  demand  from  OEM  clients. 

IBM  also  has  changed  its  attitude  toward  chip  develop- 
ment.The  company  is  more  actively  working  to  open  its 
Power  line  of  microprocessors  to  third  parties  and  help 
developers  build  around  its  microprocessor  core.  IBM  is 
encouraging  third-party  vendors  to  license  its  Power 
design  and  its  semiconductor  fabrication  techniques. 

It  has  had  some  success  —  notably  Motorola  and  Apple 
use  IBM’s  Power-family  chips.  But  Big  Blue  is  angling  to  be 
more  successful  at  convincing  others  to  use  its  technology 
Over  the  past  couple  of  years,  IBM  has  tried  to  raise  the 
profile  of  its  entire  Power  family,  from  its  embedded  pro¬ 
cessors  and  licensed  technology  up  through  its  PowerPC 
line  and  high-end  Power  processors  for  servers, says 
Gordon  Haff, senior  analyst  as  Illuminata.'JBM  is  really  try¬ 
ing  to  expand  its  licensing  ecosystem,”  he  says. 

The  company  has  logged  some  recent  successes.  Last 
month  IBM  announced  a  deal  with  Applied  Micro 
Circuits  that  involves  IBM  selling  three  of  its  PowerPC 
processors  and  licensing  access  to  its  Rower  architecture 
to  the  network  and  storage  chip  company  Another  new 
deal  is  with  Sony,  which  is  licensing  IBM’s  Power  technolo¬ 
gy  for  use  in  digital  consumer  electronics  products. 


Big  Blue’s  endgame  is  to  use  its  overall  strength  as  a 
company  to  capture  64-bit  processor  business,  where 
there  is  not  yet  a  clear  and  obvious  chip  provider,  Haff 
says.  Other  vendors  angling  for  chip  share  in  the  64-bit 
market  include  Advanced  Micro  Devices,  Intel  and  Sun. 
“Opening  up  the  Power  architecture  is  really  about  mak¬ 
ing  Power  a  very  common  development  target,  which  in 
turn  increases  the  attractiveness  of  servers  running 
Power,”  Haff  says. 

To  make  it  easier  for  outsiders  to  get  acquainted  with  its 
Power  architecture,  IBM  announced  in  March  new  pro¬ 
grams  aimed  at  sharing  more  technical  information  and 
facilitating  third-party  chip  design  and  testing.  It  launched 
a  portal  for  Power  chip  developers,  began  distributing 
free  software  tools  to  help  developers  simulate  how  their 
systems  can  work  with  Power  technology  and  established 

Road  to  Powers 


design  centers  around  the  world  to  help  customers  devel¬ 
op  custom  chips. 

It’s  a  tactic  that  distinguishes  IBM  from  rival  Intel,  which 
is  less  likely  to  relinquish  control  of  its  intellectual  proper¬ 
ty  observers  sayTower  is  a  more  open  architecture  than 
Intel  processors  are,”  Haff  says.  However,  he  adds  that  Intel 
has  been  more  successful  in  getting  its  chips  into  other 
vendors’  systems  than  IBM  has. 

Among  the  first  orders  of  business  for  the  newly  con¬ 
joined  systems  and  technology  division  is  Power5,  which 
will  show  up  first  in  IBM’s  midrange  iSeries  servers  (for¬ 
merly  the  AS/400).  Power5  processors  eventually  will  be 
built  into  other  server  lines. 

Last  week  the  company  took  the  wraps  off  the  first  two 
Power5-equipped  i5  models:  the  one-  to  two-way  i5  Model 
520,  which  starts  at  about  $10,000;  and  the  two-  to  four¬ 
way  i5  Model  570,  with  a  base  price  of  $85,000. 

One  early  Rower5  user  is  Group  Dekko,  which  plans  to 
replace  a  single-processor  i820  server  it  uses  as  a  develop¬ 
ment  environment  for  new  applications  with  a  new 
Power5-based  i5  server.  Group  Dekko’s  strategy  is  to  break 
in  the  new  technology  on  a  development  server  before 
making  the  switch  for  its  production  environment,  says 
Chris  Edwards,  vice  president  of  IS  at  the  Kendallville, 

Ind.,  manufacturing  conglomerate,  which  supplies  wiring 
components  to  the  office  furniture,  appliance  and  auto¬ 
motive  industries. 


Performance  is  the  main  reason  for  the  upgrade.“With 
all  of  the  compiling,  testing  and  training  that  goes  on  that 
machine,  I’m  running  into  some  pretty  severe  perfor¬ 
mance  requirements,”  Edwards  says.  In  addition,  as  the 
company  deploys  more  memory-  and  processor-intensive 
Java  applications,  performance  becomes  a  greater  issue. 

Once  IBM  readies  larger  i5  servers,  Dekko  plans  to  swap 
its  12-way  i840  production  server  —  which  holds  the 
company’s  ERP  applications  and  Lotus  Notes  environ¬ 
ment  —  for  a  higher-end  Power5  box,  Edwards  says. 

The  Power5  architecture  will  let  Group  Dekko  reap 
greater  performance  with  fewer  processors,  Edwards  says. 
“I’m  guessing  that  a  four-way  with  the  Power5  would  be 
bigger  than  a  12-way’ he  says.“Based  on  where  I’m  at  with 
the  IBM  S-Star  class  of  processors,  I’d  say  we’re  going  to  be 
able  to  get  two  to  three  times  the  performance  per  chip 


of  what  we’re  seeing  today’ 

Some  of  the  performance  gains  can  be  attributed  to 
multitasking: The  Power5  processors  support  multithread¬ 
ing,  in  which  one  processor  acts  like  two  processors  so 
that  one  chip  can  run  multiple  threads.of  the  same  appli- 
cation.The  purpose  of  multithreading  is  to  reduce  idle¬ 
ness;  if  multiple  workloads  run  simultaneously,  it  means 
less  idle  time  for  processor  subcomponents. 

IBM’s  approach  to  multithreading  differs  from  Intel’s, 
Haff  says.  Intel  has  committed  about  5%  of  its  chip  area  to 
multithreading  features  —  an  implementation  that  gar¬ 
ners  about  a  10%  or  15%  performance  gain,  he  says.  IBM, 
on  the  other  hand,  is  taking  up  more  chip  area  for  its  mul¬ 
tithreading  features,  which  are  more  sophisticated  and 
better  able  to  prioritize  threads.The  result  is  performance 
gains  in  the  35%  range,  Haff  says. 

IBM  can  commit  more  chip  area  to  multithreading 
because  RowerS  deployments  are  typically  servers,  which 
are  likely  to  use  the  feature,  Haff  says.  Intel  has  main¬ 
tained  more  of  a  single-threaded  approach  because  of 
the  large  percentage  of  single-thread-oriented  desktop 
deployments  for  its  chips. 

IBM’s  two  new  i5  models,  which  are  slated  for  availabili¬ 
ty  next  month,  are  also  the  first  to  include  the  company’s 
new  Virtual  Engine  technology,  which  lets  systems  built 
on  IBM’s  Fbwer5  chip  be  sliced  into  as  many  as  10  parti¬ 
tions  per  processor.  ■ 


The  evolution  of  IBM’s  venerable  Power  architecture  began  with  its  conception  in  1965  by  IBM  Advanced 
Computing  Systems.  Here  are  highlights  of  the  last  14  years  of  Power  development: 


1990:  First  Power  chip  introduced  for  32- 
bit  technical  computing  systems,  such 
as  RS/6000  running  AIX  Version  3. 


1998:  Power3  brings  64-bit  and  multiprocessor  capabilities  to  technical 
computing;  it's  the  first  Power  chip  compatible  with  PowerPC. 


1995:  PowerPC  AS  for  AS/400  brings 
64-bit  computing  to  commercial  arena. 

1 


|1990  Tl991  |l992  ~1l993  1 1994  1 1995  1 1996  1 1997  | 

t  t 


2004:  Powers  introduction;  IBM  continues  one- 
chip  strategy  for  all  systems  and  workloads. 
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1993:  Power2  introduced  for  32-bit 
technical  computing  systems. 


1997:  PowerPC  RS64  for 
RS/6000  brings  64-bit  computing 
to  commercial  Unix  market. 


SOURCE:  SAGEZA  GROUP 


2001:  Power4  introduction  —  two  architectures 
merged  into  one  design;  it's  the  first  chip  used 
for  technical  and  commercial  computing, 
including  AIX  5L,  OS/400  and  Linux. 
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Introducing  the  only  core  switch  platform  that  delivers  major 
breakthroughs  in  the  areas  of  scalability,  flexibility,  resiliency  and 
security.  The  BlackDiamond  10K  goes  beyond  the  expected  by 
delivering  the  industry’s  highest-density  10-Gigabit  and  Gigabit 
Ethernet.  In  addition,  4GNSS  technology  featuring  T-Flex 
programmable  ASICs  ensures  support  of  emerging  protocols 
without  costly  hardware  upgrades  —  offering  revolutionary 
investment  protection.  How’s  that  for  a  switch? 
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Contact  Extreme  Networks  at 
1.888.257.3000  or  visit  us  on  the  web  at 
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FINALLY  A  WAY  TO  DETECT, 
ISOLATE,  AND  ELIMINATE 
VIRUSES  AND  WORMS 
AT  THE  NETWORK  LAYER. 
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Enterprise  Protection  Strategy 
Trend  Micro,  Inc. 
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TREND 


Introducing  the  industry's  first  outbreak 
prevention  appliance —  only  from  Trend  Micro. 

Deadly  viruses  and  worms  are  now  attacking  at  the  transport  level.  Combat  these  evolving 
threats  with  Trend  Micro'"  Network  VirusWall1" —  the  first  and  only  appliance  designed  to 
prevent  outbreaks  at  the  network  layer.  Detect,  quarantine,  and  eliminate  threats  as  they  occur. 
Assisted  by  our  award-winning  Enterprise  Protection  Strategy  and  security  experts,  you'll 
quickly  contain  viruses  and  worms  and  maintain  productivity.  Mission  accomplished. 


For  details  or  a  free  white  paper,  call  1.888. 58. TREND 
or  go  to  www.trendmicro.com/products/nvw 
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■  PORTALS  ■  MESSAGING/GROUPWARE 

■  E-COMMERCE  II  SECURITY 

■  MIDDLEWARE  ■  DIRECTORIES 

■  NETWORK  AND  SYSTEMS  MANAGEMENT 

■  WEB  SERVICES 


■  Microsoft  has  released  a  plug-in 
for  Lotus  Notes  to  let  its  Office  Live 
Meeting  2003  users  schedule  meet¬ 
ings  with  IBM’s  e-mail  client.  The  plug¬ 
in  works  with  Notes  Versions  5.x  and 
6.x  installed  on  a  PC  running  Windows 
2000  or  XP  with  Service  Pack  1, 
Microsoft  says.  After  installing  the 
software,  Notes  users  will  be  able  to 
perform  Live  Meeting  tasks,  such  as 
scheduling  Web  conferences,  without 
having  to  log  on  to  the  Live  Meeting 
service.  Microsoft  entered  the  Web 
conferencing  market  last  year  when  it 
bought  PlaceWare.  PlaceWare  also 
offered  integration  with  Notes,  but 
that  software  add-on  does  not  work 
with  the  updated  Web  conferencing 
service,  Office  Live  Meeting  2003. 
Microsoft  is  not  alone  in  offering 
Notes  integration.  IBM  competes  with 
Microsoft's  Live  Meeting  through  the 
Lotus  Sametime  service,  and  Web 
conferencing  specialist  WebEx  offers 
plug-ins  for  Notes  and  Microsoft’s 
Outlook.  The  Live  Meeting  plug-in  for 
Notes  is  available  for  free  from 
http://main.placeware.com/ 
support/plugins.cfm. 

■  Akonix  Systems  last  week  re 
leased  a  version  of  its  instant-mes¬ 
saging  management  and  security 
gateway  designed  to  block  spim  and 
malicious  code.  Version  3.0  of  the 
company's  L7  Enterprise  gateway 
for  IM  includes  an  automatically 
updated  filter,  much  like  those  for 
spam  and  anti-virus  software,  which 
blocks  worms,  viruses  and  other  mal¬ 
ware  to  protect  networks  from  IM- 
borne  attacks.  The  filter  installs 
updates  the  Akonix  security  team 
produces,  which  monitors  public  and 
corporate  IM  networks  for  emerging 
threats  and  develops  policies  to  block 
malicious  content. 

Akonix  also  has  added  an  automat¬ 
ic  recovery  system  that  can  restart 
the  gateway  without  user  interven¬ 
tion.  Akonix  L7  Version  3.0  also 
includes  support  for  Microsoft’s  Live 
Communications  Server  and 
Windows  Server  2003.  Akonix  L7 
Version  3.0  costs  $4,000  for  a  50-user 
license. 


Channel  woes  dog  Microsoft 


■  BY  JORIS  EVERS  AND  STACY  COWLEY 

Hiccups  in  Microsoft’s  efforts  to  work 
with  its  channel  partners  continue  to  hurt 
the  software  vendor’s  sales  in  the  business 
applications  market  it  is  trying  to  crack. 

When  the  company  announced  its  quar¬ 
terly  results  recently  CFO  John  Connors 
had  some  harsh  words  for  Microsoft 
Business  Solutions  (MBS),  the  business 
software  group  that  includes  Great  Plains, 
Navision  and  Microsoft  CRM  products. 

While  there  were  no  complaints  about 
sales  abroad,  MBS  in  the  U.S.  is  having 
trouble  maintaining  its  relationship  with 
partners  such  as  the  value-added  resellers 
(VARs)  on  which  it  depends,  according  to 
Connors.“We  aren’t  having  very  good  U.S. 
execution,”  he  said  on  a  conference  call 
with  financial  analysts. 


MBS  CFO  Kevin  Mueller  attributed  the 
problems  to  “short-term  integration 
issues”  merging  Microsoft’s  traditional 
channel  with  the  Great  Plains  Software 
and  Navision  channels  it  inherited  when 
it  bought  those  companies.  The  addition 
over  the  past  year  of  new  personnel  man¬ 
aging  the  MBS  channel  also  has  con¬ 
tributed  to  problems,  he  said  in  an  email. 

Connors  did  not  hold  back  in  his  com¬ 
ments  about  MBS  during  the  conference 
call,  says  Matt  Rosoff,  an  analyst  at 
Directions  on  Microsoft.“I  thought  he  was 
unusually  harsh. That  indicates  to  me  that 
they  have  noticed  that  it  is  somewhat  of  a 
serious  problem.” 

The  problems  aren’t  new,  but  they’re  per¬ 
sistent.  Microsoft  in  the  U.S.  is  “being  less 
effective  with  the  traditional  MBS  partners 
than  the  MBS  group  was  a  year  ago,” 


Connors  told  analysts. 

Last  October,  Connors  said  first-quarter 
MBS  results  showed  a  slowdown,  which 
he  attributed  to  salesforce  and  channel 
realignment  issues.  At  the  time  he  said  the 
company  hoped  the  disruption  had 
peaked  and  would  soon  fade. 

While  all  other  Microsoft  segments 
reported  double-digit  revenue  growth  in 
the  most  recent  quarter,  MBS  reported  rev¬ 
enue  up  only  4%  over  2003’s  third  quarter, 
to  $153  million.  That’s  a  long  way  from 
Microsoft  CEO  Steve  Ballmer’s  forecast  of 
$10  billion  in  annual  sales  for  the  division 
by  2011. 

One  Microsoft  partner  who  works  with 
Microsoft  CRM  —  the  MBS  group’s  highest- 
profile  product,  first  released  early  last  year 
—  says  chaos  descended  in  January,  when 

See  Channel  woes,  page  36 


Auto  Prof  targets  server,  desktop  mgmt 


■  BY  JOHN  FONTANA 

Desktop  management  vendor  AutoProf 
this  week  is  scheduled  to  release  software 
that  will  let  users  streamline  the  central¬ 
ized  management  and  configuration  of 
servers  and  desktops. 

With  Policy  Maker  Professional,  AutoProf 
is  adding  11  Group  Policy  extensions  to 
Microsoft’s  Group  Policy  Management 
Console  snap-in.  In  the  next  two  months, 
AutoProf  plans  to  introduce  Policy  Maker 
Software  Update,  which  will  add  1 1  more 
extensions  to  Policy  Maker,  including  one 
for  patch  management. 

Group  Policy  works  with  Active  Directory 
to  let  customers  manage  and  customize 
desktop  and  server  settings  based  on  poli¬ 
cies  stored  in  the  directory  One  Group 
Policy  extension  can  include  hundreds  of 
settings.  For  example,  an  administrator  can 
prevent  end  users  from  installing  software 
by  loading  a  policy  onto  the  user’s  PC 
when  the  computer  boots  up  and  con¬ 
nects  to  Active  Directory  The  PC  must  have 
Group  Policy  installed. 

But  Microsoft’s  Group  Policy  technology 
has  been  slow  to  catch  on  because  it 
requires  Active  Directory,  it  can  be  hard  to 
understand, and  it  lacks  a  broad  feature  set. 

“We  should  be  poised  to  make  use  of 
Group  Policy,  but  we  found  a  lot  of  things 
missing,  like  managing  shortcuts,”  says 
Danny  Francisco,  lead  technologist  for 
Okanagan  Skaha  School  District  67  in 


AutoProf  is  adding  extensions  to 
Microsoft’s  Group  Policy  techno¬ 
logy  to  help  manage  desktop  and 
server  configurations  using 
centrally  defined  policies.  The  11 
new  extensions  are: 


TCP/IP  and  shared  printer 
connections. 

Network  drive  mappings. 

Shortcut  configurations. 

Registry  and  ini  file  configurations. 

File  and  Folder  configurations. 

Environment  variables. 

Microsoft  Outlook  profiles. 

Microsoft  Office,  Internet  Explorer 
and  third-party  application 
preferences. 

Integration  with  Microsoft's  Group 
Policy  Object  Editor. 

Integration  with  Microsoft's 
Resultant  Set  of  Policy. 


Fbnticton,  British  Columbia.“On  top  of  that, 
the  Microsoft  tools  did  not  give  us  the  flex¬ 
ibility  to  deal  with  exceptions.”  As  result, 
Francisco  and  his  staff  had  to  write  multi¬ 


ple  scripts  to  cover  those  exceptions, 
which  became  a  management  nightmare. 

Francisco  says  AutoProf  eliminated  the 
need  for  the  scripts,  filled  in  the  pieces  he 
needed,  and  added  additional  features, 
such  as  managing  terminal  services. 

“AutoProf  gives  us  choices  so  we  can 
manage  things  on  an  enterprise  level,” says 
Francisco,  who  has  rolled  out  Fblicy  Maker 
to  300  of  his  2,000  desktops  so  far. 

Fblicy  Maker  builds  off  the  Group  Fblicy 
Editor  from  Microsoft,  which  lets  adminis¬ 
trators  edit  and  configure  policies  for 
groups  of  users  or  individual  machines. 
Once  the  policies  are  edited,  they  are 
loaded  into  Active  Directory 

“Group  policy  to  date  has  been  an  imma¬ 
ture  system,”  says  Eric  Voskuil,  CTO  at 
AutoProf.“It’s  a  chicken-and-egg  problem  in 
that  there  has  not  been  enough  Active 
Directory  deployments  and  the  fact  that 
Microsoft  didn’t  finish  Group  Fblicy.  They 
left  that  up  to  the  ISVs.” 

AutoProf  is  the  only  company  currently 
offering  extensions  to  Group  Policy, 
although  FullArmor,  NetlQ  and  Quest  offer 
Group  Fblicy  management  tools  as  alter¬ 
natives  to  the  Microsoft  Group  Fblicy  man¬ 
agement  software  AutoProf  supports. 

Fblicy  Maker  supports  Windows  2000,  XP 
and  Server  2003  operating  systems  and  all 
versions  of  Outlook,  Office  and  Internet 
Explorer. 

The  software  costs  $  10  per  seat  for  1 ,000 
seats.  ■ 
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Enterprise  Applications 


Lessons  from  the  e-voting  mess 


April  30  was  not  a  good  day  for  vendors 
of  electronic  voting  systems.  Nor  was 
May  3. 

There  might  be  quite  a  few  such  bad  days 
ahead  for  companies  that  sell  gussied-up 


PCs  intended  to  replace  older  voting  sys¬ 
tems  such  as  the  punched  card  systems  we 
had  so  much  fun  with  during  the  2000  pres¬ 
idential  election. 

On  April  30,  California  Secretary  of  State 


For  25  years,  we've  walked  the  line  between  next  and  now  to 
develop  innovative  telephony  and  contact  center  solutions  for 
some  of  the  largest  (and  smallest)  companies  in  North  America. 
Converged  and  pure  IP  telephony  networks  that  are  reliable, 
flexible  and  scalable  -  ideal  for  5  or  500,000  employees. 
Productivity  applications  like  unified  messaging  that  drive 
communication  from  anyone  to  anywhere  at  anytime.  Powerful 
contact  center  solutions  that  provide  the  flexibility  and 
structure  to  turn  a  customer  call  into  a  meaningful  connection. 
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Kevin  Shelley  decertified  all  electronic  vot¬ 
ing  systems  for  use  in  California  elections 
unless  a  long  list  of  specific  conditions 
were  met.Three  days  later  the  government 
of  Ireland  decided  not  to  use  the  electron¬ 
ic  voting  systems  it  had  paid  about  $60  mil¬ 
lion  for  because  it  could  not  ensure  they 
would  work.There  might  be  lessons  that  ex¬ 
tend  far  outside  of  the  electronic  voting 
space  in  these  developments.  Many  prob¬ 
lems  have  been  identified  with  these  sys¬ 
tems,  and  just  about  as  many  have  been 
identified  with  the  system  vendors  and  the 
election  officials  that  select  them  (see 
www.nwfusion.com,  DocFinder:  1929). 

The  most  basic  problems  with  the  elec¬ 
tronic  voting  systems  are  that  they  use,  as 
their  core,  PCs  running  Windows  and  treat 
their  own  software  as  proprietary  and 
secret.  It  is  not  impossible  to  create  trusted 
systems  using  Windows  as  a  base,  but  it 
takes  extraordinary  care,  something  that 
can  be  taken  care  of  in  public  reviews  of 
the  processes  that  vendors  and  election  of¬ 
ficials  use.  Processes  of  the  type  that  led  the 
California  secretary  of  state  to  refer  one 
vendor  to  the  California  attorney  general 
for  possible  criminal  or  civil  prosecution. 

It  also  is  possible  to  create  secure  propri¬ 
etary  software,  but  to  do  so  requires  ven¬ 
dors  employ  and  listen  to  security  experts 
and  get  external  experts  to  review  the 
code.  An  external  review  of  one  of  the  elec¬ 
tronic  voting  systems  —  not  at  the  vendor’s 
request  or  desire  —  revealed  the  code  was 
appallingly  poorly  programmed.  To  quote 
one  reviewer:  “It’s  not  as  though  they  did 
security  poorly  It’s  as  though  they  didn’t 
think  about  it  at  all.” 

I’m  not  sure  if  I’m  more  troubled  that  the 
security  clue-challenged  company  was 
selling  this  software,  or  that  at  least  some  of 
the  software  was  certified  for  use  by  gov¬ 
ernment  agencies. 

Many  systems  have  reliability  and  secur¬ 
ity  requirements  similar  to  voting  mach¬ 
ines,  including  ATMs.  The  report  that 
Shelley  published  can  be  used  as  a  good 
list  of  prerequisites  to  deploy  any  system  of 
this  type  (see  DocFindpr:  1930).  The  report 
stresses  the  importance  of  software  review, 
system  and  process  documentation,  sys¬ 
tem  isolation  and  training. 

Quite  a  few  observers  have  said  the  basic 
lesson  from  the  voting  system  debacle  is 
that  all  software  for  this  type  of  critical  sys¬ 
tem  should  be  open  source.  I  don’t  think 
that  is  an  unwarranted  conclusion,  but 
maybe  the  lesson  is  deeper.  Just  maybe, 
general-purpose  operating  systems  are  not 
the  best  solution  to  all  problems.  Maybe 
stripped-down  specialized  code  is  better  in 
some  cases. 

Disclaimer: “Stripped  down”  is  not  a  con¬ 
cept  often  associated  with  Harvard  even  if 
“specialized”  might  be.  In  any  case,  the 
university  was  not  involved  in  writing  the 
above  column. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  Sys¬ 
tems.  He  can  be  reached  at  sob@sob.com. 


“Check  Point  Express  brings 
enterprise-class  security  to 
the  mid-sized  company  at  a 
price  and  performance  level 
that  meets  their  needs!’ 

Charles  Kolodgy,  Research  Director, 
Security  Products,  IDC 
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We  Secure  the  Internet. 


Secure  your  business  with  Check  Point  Express. 

Your  business  deserves  the  best  security  solution  available  today:  Check  Point  Express/  Designed  for  companies  with 
100-500  employees,  Check  Point  Express  protects  your  business  with  the  same  superior  firewall  and  VPN 
technology  that  secures  97  of  the  Fortune  100.  Yet  it’s  priced  right  for  mid-size  businesses.  With  Check  Point  Express, 
you’ll  get  performance  you  can  always  rely  on,  and  security  you  don’t  have  to  worry  about.  Its  unique  features  include 
intelligent  network  and  application-level  protection.  And  its  intuitive  interface  simplifies  every  aspect  of  security 
management.  There  is  no  better  way  to  secure  your  critical  network  resources  and  connect  remote  users  and  sites. 
See  for  yourself.  Compare  Check  Point  Express  to  competing  offerings  at  www.checkpoint.com/compareexpress. 

Check  Point  Express  comes  pre-installed  on  appliances  from  Sun  and  Nokia 
and  runs  on  open  servers  from  Dell,  IBM,  and  other  leading  manufacturers. 
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Managed  Objects  helps  track  services 


■  BY  DENISE  DUBIE 

Managed  Objects  this  week  is  ex¬ 
pected  to  unveil  software  that  will 
let  customers  track  internal  ser¬ 
vice-level  agreement  compliance 
based  on  network,  system  and 
application  performance  data. 

Business  Service  Level  Manager 
2.0  is  add-on  software  to  Managed 
Objects’  flagship  management 
package,  Formula.The  software  ex¬ 
tracts  data  from  Formula,  corre¬ 
lates  it  and  comparas  it  to  SLAs  IT 
managers  have  pre-defined.  Form¬ 
ula  also  can  gather  system  data 
from  other  management  systems 
such  as  BMC  Softwares  Patrol, 
Computer  Associates  Unicenter 
and  HP  OpenView.  The  software 
also  can  pull  data  from  inventory 
billing  and  transaction-based  sys¬ 
tems  to  integrate  business  metrics 
with  IT  performance  data. 

Ritch  Houdek,  IT  manager  at  a 
privately  held  Midwestern  finan¬ 
cial  services  firm,  says  BSLM  2.0 
lets  him  set  more-specific  SLAs 
based  on  metrics  such  as  applica¬ 
tion  priorities  and  end-user 


needs.  He  is  beta-testing  BSLM  2.0 
and  also  uses  Patrol,  OpenView 
and  Ranacya  Service  Center  to 
track  application  performance. 

“We  typically  use  three  broad 
buckets  for  application  service 
levels. We  can  better  classify  appli¬ 
cations  with  [BSLM]  than  with 
the  crude  approach  we  have 
nowf  Houdek  says. 

BSLM  2.0  runs  on  a  Windows 
2000  or  XPSolaris,  Linux,  HP- 
UX  or  AIX  server  and  works 
as  an  add-on  to  Formula. 
Formula  consists  of  server 
software  that  runs  on 
Windows  NT,  Linux  and 
Unix,  and  provides  reports 
via  a  Web-based  console. 

BSLM  competes  with  prod¬ 
ucts  from  Concord,  Micro¬ 
muse  and  SMARTs, which  all 
develop  similar  software. 

Pricing  starts  at  $60,000  for 
existing  Formula  customers. 
Pricing  for  new  customers 
for  Formula  and  BSLM  2.0  starts  at 
about  $200,000  and  varies  de¬ 
pending  on  the  number  of  soft¬ 
ware  adapters  purchased.  ■ 


SLA  surveillance 

Managed  Objects'  Business  Service  Level  Manager 
manage  service-level  agreements  in  terms  that  IT 


2.0  software  lets  users  define  and 
and  business  managers  understand. 
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Business  users 
can  quickly  de¬ 
termine  applica¬ 
tion  availability 
because  BSLM 
2.0  uses  colors  to 
indicate  status 
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IT  managers  can  drill  down 
to  get  more  information  on 
the  cause  of  performance 
degradation. 
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BSLM  2.0  can  show  histor¬ 
ical  data  for  trend  analysis, 
as  well  as  alert  IT  managers 
to  a  potential  problem. 


Channel  woes 

continued  from  page  33 

Microsoft  shook  up  the  channel  by  moving 
Microsoft  CRM  into  its  volume-licensing 
program  and  cutting  the  margin  paid  to 
partners  for  upfront  sales. 

For  Ben  Holtz,  CEO  of  Green  Beacon 
Solutions,  a  Watertown,  Mass.,  CRM  services 
firm,  the  change  meant  that  he  could  no 
longer  buy  his  clients’  CRM  licenses  direct¬ 
ly  from  Microsoft.Instead.he  now  works  via 
a  reseller,  an  arrangement  that’s  been 
fraught  with  complications  and  delays. 

“We’re  not  a  high-volume  dealer.  We  are 
having  a  terrible  time  getting  customers  sit¬ 
uated  properly  with  the  software,”  he  says. 
“We  had  a  very  rough  time  signing  up  with 
the  distributor. We  haven’t  gotten  any  of  our 
referral  bonus  cuts  that  we’re  supposed  to 
get.lt  used  to  be  so  easy  I’d  get  online,  order 
something, they’d  ship  it, and  I  got  it  and  got 
my  commissions.” 

Microsoft’s  rationale  for  the  change  is  that 
volume  licensing  is  easier  for  end  users, 
who  can  buy  from  their  preferred  reseller. 
But  Microsoft  CRM  is  aimed  at  small  and 
midsized  companies,  organizations  that 
typically  don’t  buy  in  bulk  and  don’t  have 
a  deep  relationship  with  Microsoft,  Holtz 
says.  For  those  customers, and  for  the  small 
consultancies  that  support  them,  the 
changes  have  added  obstacles  and  bureau¬ 
cracy  to  the  buying  process. 

Microsoft’s  MBS  missteps  come  as  it  is  try¬ 
ing  to  gain  share  in  the  crowded  and  high¬ 
ly  coveted  market  for  business  applications 
aimed  at  midsize  companies.  Microsoft 


faces  stiff  competition  from  large  vendors 
moving  into  the  small  and  midsize  busi¬ 
ness  market,  such  as  SAP  and  PeopIeSoft, 
and  from  smaller  vendors  already  there, 
including  Salesforce.com,  NetSuite  and 
Intuit. 

“We’re  just  not  doing  a  lot  better  than  the 
competition  the  way  we  expected.  We’re 
kind  of  doing  what  the  competition  is 
doing,”  Connors  said.  He  expects  U.S.  oper¬ 
ations  to  begin 
meeting  Micro¬ 

soft’s  expectations 
sometime  in  the 
company’s  2005 
fiscal  year,  which 
starts  July  1 . 

Not  all  of  Micro¬ 
soft’s  problems  are 
of  its  own  making. 

“It  has  been  a 
lousy  several 

months  for  selling 
accounting  and 
CRM  software,” says 
Rafael  Zimberoff,  president  of  Z-Firm,  a 
Santa  Rosa,  Calif.,  firm  that  makes  add-ons 
for  MBS  products,  including  Microsoft 
CRM. “All  the  players  are  basically  treading 
water!’ 

Microsoft’s  channel  plan  needs  some 
adjusting  to  accommodate  for  the  differ¬ 
ences  between  the  business  software  mar¬ 
ket  and  the  platform  market  with  which 
Microsoft  is  more  familiar,  Zimberoff  says. 
Software  to  handle  sales,  accounting,  mar¬ 
keting  and  customer  service  tasks  is  more 
complex  to  install,  customize  and  service 


than  the  operating  system  and  desktop 
software  that  forms  Microsoft’s  core  busi¬ 
ness.  A  channel  strategy  built  for  the  plat¬ 
form  market  doesn’t  necessarily  fit  the 
needs  of  business  software  partners  and 
buyers. 

“Customers  are  buying  two  fundament¬ 
ally  different  things,” Zimberoff  says.’A  busi¬ 
ness  software  customer  has  a  number  of 
competitive  options  and  often  has  a  long- 

II  We’re  just  not  doing  a  lot 
better  than  the  competition 
the  way  we  expected.  We're 
kind  of  doing  what  the  com¬ 
petition  is  doing.  9  9 

John  Connors 

CFO,  Microsoft 

standing  relationship  with  their  reseller.  A 
platform  buyer  has  a  different  relationship 
with  Microsoft  and  the  reseller,  which  in 
many  cases  is  more  shallow.  What  kind  of 
relationship  do  you  need  to  have  to  get  a 
PC  with  Office  installed  on  it?” 

Channel  issues  aren’t  Microsoft’s  only 
hurdle.  Its  vagueness  about  MBS  product 
plans  might  be  crimping  sales.The  vendor 
has  talked  publicly  about  Project  Green, 
an  initiative  to  replace  Great  Plains, 
Navision  and  Microsoft  CRM  products 
with  applications  built  on  a  single  code 


base  that  depends  on  Microsoft’s  Long¬ 
horn  client,  server  and  tools  products, 
which  is  expected  to  start  shipping  in 
2006. 

“The  elephant  in  the  house  is  Project 
Green,”  says  Directions  on  Microsoft’s 
Rosoff.“It  seems  like  something  that  could 
hurt  MBS  sales.  Customers  know  there  is 
going  to  be  this  big  technology  transition, 
and  Microsoft  has  not  given  them  any 
assurance  about  backward  compatibility’ 

Microsoft’s  reluctance  to  discuss  a  CRM 
road  map  also  frustrates  some:  It  took  the 
company  nearly  a  year  to  put  out  Microsoft 
CRM  1.2, an  update  generally  regarded  as  a 
bug-fix  release,  and  the  company  has  not 
committed  to  a  date  for  a  2.0  version. That 
release,  not  expected  before  mid-2005,  is 
likely  to  incorporate  expanded  customer 
service  and  mobile  features  that  will  make 
Microsoft  CRM  more  competitive  with  its 
rivals’  products. 

Despite  their  gripes,  some  partners  say 
they’re  with  Microsoft  for  the  long  haul. 

The  disruptions  Holtz  has  faced  haven’t 
stopped  him  from  enthusiastically  backing 
Microsoft  CRM,  he  says.  Lance  Kyle,  manag¬ 
ing  director  of  Seattle  CRM  services  firm 
Acetta.says  the  changes  Microsoft  made  as 
it  moved  to  volume  licensing  for  CRM  cut 
his  firm’s  margins  on  the  product,  but  not 
significantly  enough  to  worry  him.  He  says 
he  considers  Acetta’s  dealings  with  Micro¬ 
soft  fairly  smooth. 

Evers  and  Cowley  are  correspondents 
with  the  IDG  News  Service's  San  Francisco 
bureau. 
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THE  IDEAL  I.T.  INFRASTRUCTURE: 
QUICKLY  ADAPTARLE, 
SUPREMELY  FLEXIRLE, 

NOW  ACHIEVARLE. 


Feeling  a  bit  skeptical  these  days?  It’s  perfectly  understandable. 

After  all,  integrating  those  “best  of  breed”  applications  into  your  IT  infrastructure 
turned  out  to  be  not  nearly  as  fast  or  foolproof  as  advertised.  And  capturing  their 
full  value,  as  well  as  the  full  value  of  your  entire  infrastructure, 
probably  still  seems  like  a  distant  goal. 

Given  the  circumstances,  you  did  everything 
you  could.  After  all,  you  were  handed  the  technological 
equivalent  of  a  drawerful  of  mismatched  socks  — 
very  expensive  socks. 

But  now  you  can  do  more  —  actually, 
quite  a  lot  more.  Read  on  and  find  out  how. 

THE  ACCELERATION  OF  EVOLUTION 

Remember  when  it  was  okay  for  businesses 
to  evolve  slowly? 

01  course  you  don’t.  Success  has  always 
been  about  speed:  the  speed  of  innovation,  the 
speed  of  implementation.  And  it  all  just  keeps 
getting  faster. 

Today,  markets,  customers  and  competi¬ 
tors  change  seemingly  overnight.  And  so  must 
your  business  processes  and  strategies. 

Untortunately,  this  rapid  pace  of  change 
has  exposed  a  fundamental  weakness  at  many 
businesses:  an  IT  infrastructure  that  can’t  evolve 
quickly  enough  to  take  advantage  of  opportunities 
or  respond  to  challenges. 

There  are  two  reasons  for  the  bottleneck. 
The  first  is  complexity.  By  the  time  a  new 
business  process  or  strategy  can  be  designed, 


/ 


built,  implemented  and  executed  technologically, 
the  w  indow  of  opportunity  has  usually  closed. 

The  second  is  monetary.  Currently,  80% 
of  the  average  IT  budget  is  earmarked  for  operation 
and  consolidation.  Very  little  is  left  for  innovation. 
(Source:  SoundView  Technology  Group,  2003.) 

Can  your  business  afford  to  concede  opportu¬ 
nities  to  more  agile  competitors?  Of  course  not. 

Your  task  is  clear:  to  enable  your  company  to 
compete  and  win,  you  have  to  reduce  the  complexity 
and  cost  of  your  IT  infrastructure,  and  reallocate 
more  of  your  resources  toward  innovation. 

Fortunately,  there’s  a  technology  platform 
that  will  enable  you  to  fulfill  that  task.  It’s  called 
SAP  NetWeaver.™ 

But  before  we  take  a  closer  look  at  what 
makes  SAP  NetWeaver  so  useful,  let’s  explore  what 
contributes  to  a  high,  and  skew'ed,  overall  TCO. 

THE  COMPLETE  TCO  EQUATION 

The  typical  IT  infrastructure  is  a  jumble  of 
disparate  technologies  (including  portals,  business 
intelligence,  knowledge  management,  etc.)  and 
applications  (both  legacy  and  best  of  breed). 

Whether  you’re  integrating  your  applications 
into  a  portal  or  a  business  intelligence  solution, 
or  connecting  your  apps  with  the  integration 
broker,  it’s  costing  you  time,  money,  and  un¬ 
necessary  aggravation. 


To  help  illustrate  just  how'  much  money, 
we’re  introducing  a  new,  more  complete  way 
of  identifying  costs.  It’s  called  The  Complete 
TCO  Equation. 


From  this  point  of  view,  it’s  no  surprise 
that  integration  has  been  likened  to  a  sinkhole, 
draining  money  from  innovation  and  preventing 
your  business  processes  and  strategies  from  evolving 
as  quickly  as  they  need  to. 

But  what  if  you  could  transform  integration 
into  a  far  simpler,  less  expensive,  less  painful  process  — 
no  matter  whose  technology  or  applications  you’re 
integrating?  Now-  you  can  —  with  SAP  NetWeaver. 

SAP  NETWEAVER: 

ELIMINATING  HURDLES,  ENARLING  IDEAS 

Imagine  being  able  to  quickly  and  efficiently 
align  IT  w  ith  your  business’s  needs,  to  drive  new 
strategies  for  growth  while  minimizing  risk  and 
cost,  to  compose  new  business  processes  on  top 
of  existing  systems. 


COMPLETE  TCO  = 

the  cost  of  all  your  technologie 
+  the  cost  of  all  your  applicatioi 
+  the  cost  of  integrating  all  you 


,  including  their  integration  into  a  single  platform 
s,  including  their  integration  into  an  end-to-end  process 
technologies  with  all  your  applications 


It’s  all  possible  with  SAP  NetWeaver. 

SAP  NetWeaver  is  an  open,  standards- 
based  integration  and  application  platform  that 
greatly  reduces  the  complexities  of  integration. 
Its  components  include  a  portal,  an  application 
server,  business  intelligence,  and  integration 
and  data  consolidation  technologies. 

With  SAP  NetWeaver,  you  capture  the 
full  value  of  the  technology  you  already  have  in 
place,  and  pave  the  way  for  luture  technology  — 
SAP  or  non-SAP. 

The  result:  an  opportunity  to  achieve 
significantly  greater  flexibility  at  a  far  lower, 
sustainable  TCO. 

Bottlenecks  disappear.  Timetables  are 
met.  Business  goals  are  achieved.  Your  entire 


IT  architecture  is  elevated  from  an  enabler 
of  work  into  an  enabler  of  change. 

For  current  SAP  customers,  there’s 
even  more  of  an  advantage:  SAP  NetWeaver 
comes  pre-integrated  for  SAP®  solutions, 
which  greatly  reduces  the  costs  associated 
with  systems  integration. 

But  SAP  customer  or  not,  there’s  one 
thing  that  should  be  clear:  of  all  the  software 
providers  in  business  today,  SAP  is  uniquely 
positioned  to  deliver  integrated  technologies 
and  technologies  integrated  with  applications. 

If  that  concept  piques  your  interest,  we 
suggest  you  visit  sap.com/netweaver  where, 
we  hope,  your  curiosity  will  be  integrated 
with  our  solutions. 
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The  success  of  Check  Point  Software 
Technologies  Ltd.,  the  world’s  leading  developer 
of  firewall  software,  was  founded  on  innovative 
Web  service  applications,  which  it  used  to  sup¬ 
port  a  global,  third-party  channel  that  delivered 
one  hundred  percent  of  the  company’s  sales. 

But  success  had  a  price:  its  central  IT 
department  was  spending  too  much  time  main¬ 
taining  the  large  number  of  applications.  What’s 
more,  their  IT  infrastructure  was  a  dizzying  mix 
of  different  application  servers,  development 
tools,  and  open  source  components. 

Using  SAP  NetWeaver  —  and,  more 
specifically,  SAP  Enterprise  Portal  and  SAP 
Web  Application  Server  —  Check  Point  was  able 
to  immediately  consolidate  its  Web  services 
infrastructure,  doubling  central  IT’s  applica¬ 
tion  development  productivity.  Within  a  year 
and  a  half,  Check  Point  saw  an  ROI  of  586% 
based  on  IT  productivity  increases  and  swifter 
rollouts.  The  consolidation  also  allowed  Check 
Point  to  reduce  the  number  of  servers  running 
their  Web  service  applications  from  1 1  to  3. 
Over  five  years,  Check  Point  expects  a  23% 
reduction  in  TCO. 
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Carl  Zeiss,  a  leading  optical  component 
manufacturer  with  14,000  employees,  needed  to 
find  a  w  ay  to  evolve  more  quickly.  Consolidation 
among  optical  chains  was  creating  new7,  ever- 
larger  customers,  resulting  in  management 


scenarios  of  greater  complexity  and  delays  in 
order  processing. 

Using  SAP  NetWeaver,  Carl  Zeiss  was 
able  to  integrate  multiple  systems  around  the 
needs  of  their  customers,  developing  individual 
logistics  strategies  for  each  chain.  As  a  result, 
custom  orders  and  changes  arc  now7  accommo¬ 
dated  more  easily.  And  the  time  it  takes  to 
integrate  a  new  customer  into  the  system  has 
dramatically  decreased. 

Besides  gaining  more-satisfied  cus¬ 
tomers,  Carl  Zeiss  reduced  the  average  cost 
per  integration  interface  by  50%. 
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Sasol,  a  holding  company  for  nearly 
fifty  separate  chemical  and  fuel  businesses 
around  the  world,  had  consolidated  all  of 
its  core  operational  software  around  SAP. 
However,  it  still  faced  the  challenge  of  properly 
managing  a  widely  dispersed,  and  culturally 
diverse,  workforce. 

Using  SAP  NetWeaver,  Sasol  was  able 
to  create  an  enterprise-wide  information 
portal  for  collaboration  and  communications 
between  employees  of  different  divisions, 
greatly  increasing  the  company’s  ability  to 
meet  strategic  corporate  goals.  The  portal  also 
served  to  coordinate  business  processes  for  HR, 
production  planning,  and  production  wrork 
flow  across  Sasol’s  various  business  units. 

The  financial  results  were  impressive, 
with  an  ROI  over  five  years,  after  tax,  of  453%. 
But  even  more  importantly,  thanks  to  SAP 
NetWeaver,  Sasol  was  able  to  become  a  truly 
global  player. 
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MCI  by  the  numbers 

SEC  filings  reveal  the  carrier’s  post-bankruptcy  financial  status. 


■  BY  DENISE  PAPPALARDO 


.  Revenue  is  dropping,  spending  on  new 
technologies  is  shrinking  and  a  net  loss  for 


the  year  is  likely  A  downer  of  a  coming-out 
party  for  MCI,  huh? 

I  Newly  public  Securities  and  Exchange 
Commission  (SEC)  filings  from  the  carrier 
give  the  clearest  picture  of  the  company’s 
financial  health  in  months.  MCI  had  been 
ible  to  keep  much  of  its  financials  private 
while  under  Chapter  11  bankruptcy  pro¬ 
tection,  which  it  emerged  from  last  month. 
1  In  documents  filed  with  the  SEC,  MCI 
reported  a  19.1%  drop  in  business  services 
revenue  in  2003  to  $14.1  billion  (www. 
nwfusion.com,  DocFinder:  1946).  MCI’s 
overall  revenue  fell  14.7%  over  that  period 
from  $28.6  billion  to  $24.4  billion  (these  fig- 
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■  Ciena  last  week  completed  the 
acquisitions  of  Catena  Networks 
and  Internet  Photonics,  two  com 

panies  that  add  broadband  access 
and  metropolitan  services  product 
lines  to  Ciena's  optical  portfolio. 
Ciena  says  it  was  spending  $636  mil¬ 
lion  to  acquire  the  companies. 
Effective  immediately,  Catena 
becomes  Ciena’s  Broadband  Access 
Group,  led  by  former  Catena  CEO 
Jim  Hjartarson.  Internet  Photonics 
becomes  part  of  Ciena’s  Metro  and 
Enterprise  Services  Group,  led  by 
James  Frodsham. 


■  The  Multiservice  Switching 

Forum  last  week  announced  that 
Advanced  Fibre  Communica¬ 
tions,  Cable  &  Wireless,  Erics¬ 
son  and  Nortel  have  joined  its 
\  ranks.  The  forum  is  an  association  of 
,  service  providers  and  system  suppli¬ 
ers  looking  to  develop  and  promote 
■  open-architecture  multiservice 
i  switching  systems  incorporating 
|  frame,  cell  or  packet-based  technolo¬ 
gies  designed  to  support  voice,  video, 
private  line  and  data.  The  group 
formed  in  1998  and  has  32  members. 


Not  a  pretty  picture 


Fresh  out  of  bankruptcy  protection,  MCI  will  look  to  reverse  what’s 
been  a  revenue  downturn  in  all  but  international. 

(In  the  billions)  -J 
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Business  revenue  ■  International  revenue 
Consumer  revenue 


*  Revenue  tloes  not  include  MCI'* 
Brtudinn  dlvUfon  Embratcl,  which 
is  being  sold. 


ures  do  not  include  MCI’s  Brazilian  division 
Embratel,  which  MCI  is  selling). 

Throughout  its  bankruptcy  proceedings, 
MCI  was  required  to  provide  monthly 
financial  reports  that  only  included  overall 
net  income  and  revenue  figures.  It  was 
nearly  impossible  to  figure  out  how  much 
the  carrier  was  spending  internally  or  how 
much  revenue  was  coming  from  its  con¬ 
sumer,  international  or  business  divisions. 

On  top  of  releasing  more-detailed  finan¬ 
cial  results,  the  carrier  reduced  its  finan¬ 
cial  guidance  for  2004.  MCI  originally  said 
it  would  bring  in  $21  billion  to  $22  billion 
in  revenue  for  the  year,  but  now  says  it  will 
come  in  at  the  lower  end  of  that  estimate. 

Spending  plans 

The  carrier  has  stated  that  its  capital 
expenditures  for  2004  will  be  $1.05  billion, 
which  translates  into  5%  of  its  revenue. 
“That’s  extremely  low?’ says  Kevin  Mitchell, a 
directing  analyst  at  Infonetics  Research. 
Carriers  in  North  America  —  including 
incumbent  local  exchange  carriers, 
interexchange  carriers  and  cable  compa¬ 
nies  —  average  close  to  14%,  with  IXCs  hov¬ 


ering  around  10%,  he  says. 

MCI’s  numbers  actually  will  be  up  from 
2003,  when  the  company  spent  about  $732 
million,  or  roughly  3%  of  its  revenue, 


Mitchell  says. 

In  contrast,  AT&T  says  it  likely  will  spend 
about  $7  billion  this  year. 

See  MCI,  page  40 


New  gear  to  deliver  Ethernet  access 

Adva  offerings  designed  to  make  Ethernet  services  more  accessible  to  campus  networks 


■  BY  JIM  DUFFY 

Adva  Optical  Networking  this  week  will 
unveil  a  product  that  could  result  in 
Ethernet  access  services  becoming 
more  readily  available  to  business  cus¬ 
tomers  seeking  more  bandwidth  at  cam¬ 
pus  networks. 

The  company’s  ESP  150  Ethernet  circuit 
provisioning  and  aggregation  system 
adheres  to  the  IEEE  802.3ah  standard  for 
Ethernet  in  the  First  Mile  (EFM)  LAN 
extension  from  enterprise  networks  into 
carrier  metropolitan  networks. 

Adva  says  its  system,  which  consists  of  a 
customer  premises-based  demarcation 
unit  and  two  aggregation  devices  that  sit 
in  the  service  provider’s  access  infrastruc¬ 
ture,  provides  carriers  with  an  alternative 
to  traditional  methods  for  provisioning 
managed  Ethernet  services.  Such  meth¬ 
ods  include  the  combination  of  routers 
with  metropolitan  dense  wavelength  divi¬ 
sion  multiplexing  transport  platforms  over 


dark  fiber;  SONET  leased  lines  with  pro¬ 
prietary  mapping  techniques;  and  Layer  2 
enterprise-class  switches. 

Adva  says  these  older  techniques  lack 
10G  bit/sec  support  for  high-speed  data 
center  connectivity  or  are  inefficient  and 
expensive  for  mass  Ethernet  rollout. 

EFM-based  systems,  on  the  other  hand, 
support  native  Ethernet  access  to  a  Layer 
2/Layer  3  switch  router  infrastructure  in 
the  carrier  network,  and  operations, 
administration  and  management  princi¬ 
ples  familiar  to  the  service  provider, 
Adva  says. 

EFM,  however,  was  dealt  a  blow  last  year 
when  three  RBOCs  issued  the  Fiber-to-the- 
Premises  (FT I  P)  RFP  Analysts  say  FTTP 
favors  the  Full  Service  Access  Network 
standards  and  broadband  passive  optical 
networking  equipment  over  EFM  stan¬ 
dards  and  Ethernet  PON  gear  (www.nw 
fusion.com,  DocFinder:  1947). 

Still,  the  market  for  Ethernet  access  ser¬ 
vices  is  big  and  expected  to  get  huge. The 


worldwide  market  is  expected  to  triple 
from  $10  billion  last  year  to  more  than  $30 
billion  in  2007,  Adva  says,  citing  data  from 
IDC. 

Adva’s  demarcation  unit  —  the  FSP 
150CP  —  features  three  management 
ports,  two  Ethernet  access  ports  that  sup¬ 
port  10/1 00M  bit/sec  and  Gigabit 
Ethernet,  and  two  fiber  network  connec¬ 
tion  ports.  The  carrier  network  compo¬ 
nents  —  FSP  150ME  and  FSP  150MO  — 
support  10  electrical  and  10  optical 
Ethernet  aggregation  interfaces,  respec¬ 
tively.  The  overall  system  can  be  config¬ 
ured  in  point-to-point,  tree  or  ring 
topologies  for  provisioning  of  managed 
E-Line  (Ethernet  point-to-point  private 
line)  or  E-LAN  multipoint  services,  Adva 
says.  It  supports  50  millisec  protection 
switching  and  a  proprietary  restoration 
technique  to  recover  from  faults,  the 
company  adds. 

The  base  price  of  the  FSP  150  will  be 
about  $1 ,000. It  will  be  available  in  June.fi? 
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Accelerating  and  Securing 
eb-Delivered  Applications 

NetScaler  brings  performance ,  security  and  reliability  to 
Web-delivered  applications  with  a  single ,  integrated  solution. 


ShopNBC 


Vertical  industry:  E-commerce 

Problem:  Providing  good  perfor¬ 
mance  for  a  customer  base  domi¬ 
nated  by  dial-up  users. 

Solution:  NetScaler  9800  Secure 
Application  Switch  to  compress 
SSL  and  non-SSL  traffic. 


Result:  33%  improvement  in 
homepage  download  time  over 
dial-up  lines,  from  24-25  seconds 
to  15-16  seconds.  Average  page 
download  time  reduced  one- 
third  to  one-half.  Improved 
shopping  experience  leads 
to  more  revenue. 


Cost  savings:  Postponed  pur¬ 
chase  of  new  servers  for  18 
months;  approximately  $26,000 
per  year  in  reduced  SSL  and  Web 
log  analyzer  licensing  fees;  lower 
administration  costs. 
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ShopNBC 


ShopNBC,  an  upscale  TV 
and  Internet  retailer,  sells  products 
affiliated  with  the  NBC  television 
network  as  well 
as  an  array  of 
general  mer¬ 
chandise,  from 
computers  and 
jewelry  to 
health  and 
fitness.  The 
compression 
and  SSL 

acceleration  capabilities  in  the 
NetScaler  9800  gave  ShopNBC  an 
immediate,  noticeable  performance 
boost.  "NetScaler's  products  sur¬ 
passed  the  alternatives  in  delivering 
the  performance  that  our  customers 
demand,"  says  Steve  Craig,  vice 
president  and  CTO  at  ShopNBC. 
Even  with  the  Summer  Olympics 
coming  up,  Craig  is  confident  he 
won't  have  to  buy  more  servers 
to  keep  up  with  demand. 


As  companies  continue  to  turn  to  the 
Web  to  deliver  business-critical  applica¬ 
tions,  they  learn  more  and  more  about  its 
limitations.  Applications  can  perform  poorly, 
especially  under  heavy  load  or  when 
accessed  via  low-quality  connections. 
Providing  proper  security  is  a  seemingly 
never-ending  battle,  whether  the  goal  is  to 
protect  personnel  records  and  customer 
transaction  data  or  simply  to  maintain 
application  availability  in  the  face  of  a 
denial-of-service  (DoS)  attack.  You've  also 
got  to  ensure  you  provide  appropriate  virtu¬ 
al  private  network  (VPN)  access  to  critical 
applications  for  an  ever  broader  range  of 
employees,  partners  and  end  customers  — 
without  breaking  the  bank. 

Any  one  of  these  issues  could  threaten  the 
overall  return  on  investment  (R0I)  on  your 
Web  application  infrastructure,  whether  it's 
used  for  internal  applications,  an  extranet 
that  ties  in  business  partners  or  a  public 
Web  site.  Taken  together,  the  various  threats 
represent  a  potentially  devastating  risk  to 
your  ability  to  achieve  business  goals. 

You  do  have  options  for  addressing  these 


issues — perhaps  too  many  options.  Indeed, 
many  separate  appliances  each  purport  to 
address  a  portion  of  the  problem,  including 
load  balancers,  Layer  7  or  "application 
switches,"  compression  appliances,  Web 
caches,  Secure  Sockets  Layer  (SSL)  acceler¬ 
ators,  DoS  protection  systems  and  VPN 
gateways.  The  problem  is,  cobbling  together 
numerous  point  products  increases 
complexity  and  interoperability  risks,  while 
raising  capital  and  operating  expenses. 

"We've  spoken  with  many  people  at 
enterprises  that  operate  internal  or  external 
applications,"  says  Peter  Sevcik,  president  of 
NetForecast,  a  consulting  firm  that  specializes 
in  analyzing  and  improving  application 
performance.  "The  issues  they're  facing  today 
are  consistent:  How  do  I  roll  out  a  growing 
portfolio  of  Web-based  applications  while 
controlling  performance,  hitting  cost  targets, 
and  maintaining  data  center  security?" 

Focused  on  application  delivery 

NetScaler,  based  in  San  Jose,  Calif.,  has  a 
solution  for  the  problems  Sevcik  describes. 
The  company  developed  its  9000  Series  of 


NetScaler  puts  it  all  together 

NetScaler  application  delivery  systems  combine  numerous  functions  tradi¬ 
tionally  provided  by  separate  appliances,  enabling  you  to  cost-effectively 
boost  the  performance,  availability  and  security  of  your  applications. 


Remote 

employees 


Customers 


Compression  SSL  Acceleration 
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apps 
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Telecommuters  Cache  VPN  DoS 

Gateway  Protection 


application  delivery  systems  to  be  the  next 
generation  of  traffic  management  devices. 
The  devices  specifically  address  the  prob¬ 
lems  associated  with  securely  delivering 
complex  enterprise  and  e-commerce  appli¬ 
cations  over  an  often  unpredictable 
Internet.  Whether  the  application  involves 

"The  issues  they're 
facing  today  are 
consistent:  How  do  I 
roll  out  Web-based 
applications  while  con¬ 
trolling  performance, 
hitting  cost  targets, 
and  maintaining  data 
center  security?" 

Peter  Sevcik,  NetForecast 


enterprise  employees  accessing  a  customer 
relationship  management  program  or  an 
online  buyer  booking  the  latest  concert 
ticket,  NetScaler's  9000  Series  can  be  a  crit¬ 
ical  success  factor  in  ensuring  applications 
meet  performance  and  security  goals. 

Hundreds  of  leading  companies  already 
depend  on  the  NetScaler  9000  Series,' 
including  ShopNBC,  an  upscale  TV  and 
Internet  retailer.  ShopNBC  significantly 
boosted  performance  for  its  dial-up  users 
and  delayed  hardware  upgrades  for  at 
least  18  months.  Another  major  retailer, 
Pacific  Sunwear,  which  has  some  880  brick 
and  mortar  stores  and  a  growing  Web  pres-1 
ence,  is  using  NetScaler's  suite  of  integrated 
technologies  to  improve  performance  and 
avoid  thousands  of  dollars  in  bandwidth 
upgrades  (see  stories,  this  and  facing  page)J 

Achieving  stellar  performance 

NetScaler  enterprise  customers  repor 
reductions  in  response  time  of  50%  or 
more  for  applications  ranging  from  Web- 
based  e-mail  to  CRM,  human  resources  and 
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financial  applications  (see  chart,  this  page). 
That  translates  into  less  time  waiting  for 
pages  to  load  and,  ultimately,  increased 
employee  productivity. 

The  results  are  similar  for  e-commerce 
and  public  content  sites.  Using  the  9000 
Series'  integrated  compression  and  TCP 
processing  capabilities,  ShopNBC  was  able 
to  reduce  download  times  for  its  home- 
page  by  33%  and  all  other  pages  by  one- 
third  to  one-half,  says  Steve  Craig,  vice 
president  and  CTO  at  ShopNBC. 

"Before  deploying  NetScaler  systems,  we 
were  faced  with  the  challenge  of  delivering 
complex  applications  to  a  broad  base  of 
users,  many  of  whom  are  still  on  dial-up," 
Craig  says.  "NetScaler  enabled  us  to 
improve  performance  while  minimizing 
server  and  overall  data  center  investments." 

Not  just  faster,  but  more  secure 

At  the  same  time  that  NetScaler  9000 
devices  improve  performance  for  end 
users,  they  also  increase  application 
security  as  a  whole.  NetScaler  offers  a 
range  of  attack  protection  capabilities, 
including  application-level  intrusion 

"NetScaler  enabled 
us  to  improve 
performance  while 
minimizing  server 
and  overall  data 
center  investments." 

Steve  Craig,  ShopNBC 


Real  customers,  impressive  results 

NetScaler  delivers  significant  Web  application  response  time  improvement. 


filtering  to  block  worms  and  viruses  such 
as  Code  Red  and  NIMDA.  The  devices 
also  defend  against  various  types  of  DoS 
attacks,  such  as  SYN  floods  and  the 
recent  MyDoom  set  of  attacks. 

"NetScaler  is  used  as  a  primary  or 
secondary  firewall  by  several  customers," 
Sevcik  says.  After  conversations  with 
several  NetScaler  enterprise  and  public 
Web  site  customers,  he  says,  "It  became 
clear  that  they  had  a  need  for  packet 


Application 

Response  Time  Improvement  (%) 

PeopleSoft 

62% 

Outlook  Web  Access 

58% 

Lotus iNotes 

55% 

e-Commerce  (ShopNBC  custom) 

33% 

Custom  portal  (online  job  search) 

60% 

SOURCE:  NetScaler  customers 

filtering  and  attack  protection,  and 
appreciated  the  fact  that  it  was  solved  as 
part  of  an  integrated  device." 

The  security  provided  by  NetScaler 
extends  to  remote  users  who  access  the 
network  via  VPNs.  The  NetScaler  9000 
family  supports  SSL-based  VPNs,  which 
enable  remote  users  of  all  types  to  securely 
access  applications  using  only  a  Web 
browser.  SSL  VPNs  can  be  configured  to 
provide  granular  access  to  specific 
applications  and  directories  —  thus 
protecting  the  rest  of  your  enterprise 
network  —  without  the  expense  and 
ongoing  complexity  of  managing  dedi¬ 
cated  client  software. 

Tallying  cost  savings 

While  NetScaler  uses  all  of  these 
techniques  to  thwart  illegitimate  traffic,  it 
also  ensures  that  all  legitimate  requests 
get  through,  improving  overall  availability. 
Rather  than  drop  connections,  as  an 
overwhelmed  Web  server  might  during 
peak  periods,  NetScaler  queues  them 
up  for  efficient  handling.  Visitors  never 
see  the  dreaded  "server  not  available" 
message. 

That  was  an  important  consideration  for 
ShopNBC  because  the  site  is  subject  to 
unpredictable  traffic  spikes,  Craig  says. 
NetScaler  enables  Craig  to  take  such  spikes 
in  stride,  rather  than  adding  horsepower 
that  will  go  unused  except  at  peak  times. 
Indeed,  he  figures  he  won't  need  to  add 
servers  for  about  18  months,  while  other 
NetScaler  customers  report  reductions  of 


75%  to  80%  in  the  number  of  servers  they 
require.  Several  NetScaler  customers  report 
savings  of  more  than  $1  -million  by  elimi¬ 
nating  the  need  to  purchase  additional 
servers  to  handle  increasing  loads. 

You  can  also  expect  large  savings  from 
reduced  bandwidth  requirements.  In  many 
instances,  the  compression  feature  alone 
will  save  customers  $20,000  per  month  in 
bandwidth  costs,  enabling  the  device  to 
pay  for  itself  in  a  matter  of  months. 

While  these  are  all  hard  cost  savings,  the 
improved  performance,  availability  and 
security  provided  by  the  NetScaler  9000 
also  bring  considerable  "soft"  cost  benefits. 
Consider  the  savings  in  productivity  when 
screens  from  important  internal  Web-based 
applications  paint  50%  more  quickly. 

Consider,  too,  the  IT  productivity  savings 
from  having  a  single  device  provide 
functions  once  performed  by  many  discrete 
appliances.  When  that  same  device  is  able 
to  defend  against  security  threats, 
including  DoS  and  worm  attacks  that 
threaten  availability,  you  can  see  how 
quickly  the  ROI  adds  up. 

Most  any  company  that's  relying  on  the 
Web  to  deliver  critical  applications 
could  benefit  from  the  type  of  perfor¬ 
mance,  availability  and  security  boost  that 
NetScaler  provides,  Sevcik  says.  "Any  com¬ 
pany  that's  doing  supply  chain  manage¬ 
ment,  reaching  out  to  business  partners  or 
using  some  customer  relationship  software 
to  address  many  users  outside  their  own 
company  —  all  of  those  could  benefit." 


Learn  more  about  accelerating 
and  securing  applications 


►  View  "Optimizing  the  Performance  of  Webified 
Applications,"  a  webcast  with  analyst  Peter  Sevcik 

►  Download  a  FREE  Application  Performance  Guide 


Pacific  Sunwear 


Vertical  industry:  Retail 

Problem:  Frequently  dropped  trans¬ 
actions  during  checkout. 

Solution:  NetScaler  9800  Secure 
Application  Switch  to  compress  data 
and  a  new  network  design  that 
incorporated  load  balancing 
between  two  Internet  T3  access 
links. 

Result:  A  50%  reduction  in  band¬ 
width  utilization  and  "a  signifi¬ 
cantly  improved  customer 
experience,  ultimately  lead¬ 
ing  to  an  increase  in  sales. " 

Cost  savings:  Avoided  $30,000 
investment  in  dedicated  load  bal¬ 
ancer  and  "many  thousands  of  dol¬ 
lars"  in  bandwidth  upgrades  and 
additional  capital  equipment.  ROI 
achieved  in  two  months. 


Pacific  Sunwear  operates  some  880 
brick  and  mortar  stores,  selling  more 
than  30  popular  surf  and  skate  brands 
including  Billabong,  Dickies,  Quicksilver 
and  Fossil. 

Although 
Pacific  Sun- 


PRcsun 


wear  is  con¬ 
nected  to 
the  Internet  by  two  1 0M  bps  circuits, 
customers  were  experiencing  dropped 
transactions  in  the  middle  of  the  elec¬ 
tronic  checkout  line  during  high  volume 
periods.  The  company's  IS  department 
addressed  this  problem  by  installing 
NetScaler's  9800  Secure  Application 
Switch.  The  NetScaler  system's  compres¬ 
sion  capability  immediately  reduced 
bandwidth  requirements  by  50%,  with 
no  need  for  customers  to  download  any 
special  software.  After  the  NetScaler 
9000  Series  systems  were  deployed,  the 
congestion  that  was  at  the  root  of  the 
checkout  problem  was  gone. 

"There's  no  downside  whatsoever  to 
the  NetScaler  installation  -  it's  been  a 
win-win  situation  across  the  board,"  says 
Dwayne  Russell,  director  of  technical  ser¬ 
vices  for  Pacific  Sunwear.  "Our  cus¬ 
tomers  are  extremely  happy  because 
they  have  fast,  reliable  connections  to 
the  site.  IT  management  is  happy 
because  we  are  maximizing  the  utiliza¬ 
tion  of  our  existing  network  resources, 
and  our  e-commerce  call  center  team  is 
ecstatic  because  the  dropped  transac¬ 
tions  have  stopped  entirely.  Marketing 
and  merchandising  are  delighted 
because  we've  seen  marked  improve¬ 
ments  in  sales.  And  our  finance  team  is 
pleased  because  we  improved  our  site's 
performance  at  half  the  projected  cost.” 
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EYE  ON  THE 
CARRIERS 

Johna  Till 
Johnson 


It’s  not  news  that  many  telcos  were 
grossly  mismanaged  during  the  last 
decade.  Unfortunately,  it  seems  that 
many  telecom  corporate  boards  still  don’t 
get  it  when  it  comes  to  running  companies 
in  this  millennium. 

Sanity  check:  Research  firm  Glass  Lewis 
recently  conducted  a  review  of  CEO  pay- 
checks  at  444  public  companies.  They 
divided  CEOs  into  “underpaid”  and  “over- 
paid”by  assessing  both  CEO  compensation 
and  company  performance  relative  to 
peers.  “Underpaid”  CEOs  made  less  than 
the  average  for  their  peer  groups  while 
their  companies  performed  better  than 
average.  (Compensation  included  not  just 


Telecom  boards: 

paychecks  but  bonuses,  additional  com¬ 
pensation  and  recently  granted  stock 
options.) 

“Overpaid”  CEOs  were  the  opposite.They 
made  more  than  average  while  their  com¬ 
panies’  performance  was  below  average. 
Performance  was  rated  based  on  six  com¬ 
mon  financial  assessments,  and  corporate 
“peer  groups”  were  based  on  a  mix  of  com¬ 
panies  of  similar  value,  similar  size  in  the 
same  industry  and  companies  in  the  same 
segment  of  an  industry 

In  some  respects,  the  “underpaid”  and 
“overpaid” classifications  are  rough  proxies 
for  how  well  managed  a  firm  is.  It’s  simply 
not  good  business  practices  to  overpay 
employees  —  even  the  CEO.  A  corporate 
board  that  lets  cronyism,  executive  greed, 
or  out-and-out  lethargy  override  sound 
business  practices  in  one  area  is  highly 
unlikely  to  be  a  shining  example  of  disci¬ 
plined  business  practices  in  other  areas. 

You  can  guess  where  I’m  going  with  this. 


Vanguard  tackles  VoIP, 
apps  performance  mgmt. 


■  BY  TIM  GREENE 

Vanguard  Managed  Services  says  it 
now  can  install,  monitor  and  manage  IP 
telephony  networks  for  businesses,  free¬ 
ing  up  staff  time  to  perform  more  critical 
functions. 

The  company’s  new  VanguardMS’ 
Careguard  Managed  IP  Telephony 
Solution,  being  introduced  this  week  at 
NetWorld+Interop  2004  Las  Vegas, 
includes  an  assessment  of  customers’  net¬ 
works,  design,  configura¬ 
tion,  installation,  manage¬ 
ment  and  monitoring  of 
the  network. 

The  provider  is  deliver¬ 
ing  the  service  in  partner¬ 
ship  with  ShoreTel,  which  provides  the 
phones  and  IP  PBXs.If  other  network  gear 
needs  upgrading,  Vanguard  uses  its  own 
routers  and  HP-based  LAN  switches,  or 
those  of  another  vendor  if  the  customer 
prefers. 

Turning  the  monitoring  and  manage¬ 
ment  of  its  ShoreTel  gear  over  to  Vanguard 
saves  Larry  Woodall  about  a  half  hour  per 
day  says  the  telecom  analyst  for  National 
Commerce  Financial  in  Durham,  N.C.  In 
most  cases  the  trouble  turns  out  to  be  that 
someone  has  unplugged  an  IP  phone  or 
turned  off  a  power  strip,  he  says. 

In  these  cases,  Vanguard  contacts 
National  Commerce’s  help  desk,  which  can 
generally  talk  the  end  user  through  resolv¬ 
ing  the  problem, Woodall  says.“I  don’t  have 
to  come  in  in  the  morning  and  look  at  the 
stuff,”  he  says. 

In  addition, Vanguard  is  monitoring  CPU 
use  of  the  ShoreTel  telephony  server, 
something  National  Commerce  would  not 


likely  do  on  its  own,  Woodall  says.  The 
provider  also  monitors  quality  of  service 
for  voice  traffic  and  bandwidth  use,  and 
provides  a  monthly  performance  report.  It 
also  conducts  a  quarterly  review  of  the 
network  to  suggest  changes  to  improve 
voice  quality 

With  Careguard  Managed  IP  Telephony, 
customers  buy  the  hardware  and  pay  a 
monthly  fee  based  on  how  many  services 
they  opt  for,  the  number  of  devices  moni¬ 
tored  and  whether  customers  are  using 
other  Vanguard  services. 

Vanguard  also  is  an¬ 
nouncing  Careguard  for 
Application  Perfor¬ 
mance,  which  monitors 
specified  software  appli¬ 
cations  and  makes  adjustments  to 
ensure  they  are  performing  up  to  set 
standards.  The  provider  draws  perfor¬ 
mance  data  from  network  switches, 
routers  and  servers,  and  from  its  own 
probes  to  analyze  traffic  flows  and  band¬ 
width  consumption. 

The  price  of  Careguard  for  Application 
Performance  is  based  on  the  number  of 
devices  monitored  and  the  number  of 
applications  managed. 

This  new  service  is  part  of  a  broader 
grouping  from  Vanguard  called  CareWorks 
that  includes  monitoring  of  transactions, 
servers  and  operating  systems,  traffic  flow, 
quality  of  service  and  network  security 

Vanguard  sells  its  services  directly  to  busi¬ 
nesses  and  is  the  outsourced  provider  of 
some  AT&T  managed  services.  Vanguard 
specializes  in  serving  retail  and  financial 
services  companies  and  others  that  have 
large  numbers  of  sites,  but  lack  highly 
trained  IT  staff  at  each  site.  ■ 


+  INTEROP 


Wake  up! 


Not  one  telecom  CEO  made  it  into  the 
“underpaid”  CEO  ranks.  But  the  CEOs  of 
Sprint,  Verizon,  Qwest  and  SBC  all  showed 
up  in  the  ranks  of  the  overpaid.  By  Glass 
Lewis’  figures,  all  four  companies  under- 
performed  in  2003  —  while  reportedly  pay¬ 
ing  their  leaders  record  rates.  Qwest’s 
Richard  Notebaert  made  $9.6  million  last 
year,  with  Verizon’s  Ivan  Siedenberg  com¬ 
ing  in  at  $15.5  million  and  both  SBC’s 


mediocre  performance  with  record  com¬ 
pensation  is  asleep  at  the  switch. 

Not  every  telecom  board  is  so  sloppy.  I 
was  delighted  to  see  that  the  boards  of 
leading  telcos  and  equipment  providers 
such  as  Avaya,  AT&T,  Cisco  and  Lucent 
appear  to  believe  in  performance-based 
pay  Hats  off  to  Nortel’s  board,  which  recent¬ 
ly  took  the  difficult  and  painful  —  but  nec¬ 
essary  —  step  of  firing  the  firm’s  CEO  for 


Not  one  telecom  CEO  made  it  into  the  'underpaid' 
CEO  ranks.  But  the  CEOs  of  Sprint  Verizon,  Qwest 
and  SBC  all  showed  up  in  the  ranks  of  the  overpaid. 


Edward  Whitacre  Jr.  and  Sprint’s  Gary 
Forsee  bringing  home  between  $25  million 
and  $26  million.  Qwest  and  Verizon  per¬ 
formed  in  the  lowest  quartile  of  their  peer 
groups,  while  the  other  two  performed  in 
the  lower  half. 

Don’t  get  me  wrong,  I  have  nothing 
against  lavish  executive  pay  —  particularly 
for  CEOs  who  deliver.  I  don’t  even  fault 
CEOs  for  negotiating  the  highest  possible 
compensation  for  themselves.  But  a  corpo¬ 
rate  board’s  job  is  to  provide  executive 
oversight,  and  a  board  that  rewards 


financial  irregularities  that  occurred  on  his 
watch.  Finally,  MCI  retained  overseer 
Richard  Breeden  to  closely  manage  the 
carrier  as  it  emerges  from  bankruptcy  — 
including  keeping  a  lid  on  CEO  Michael 
Capellas’  compensation  requests.  Way  to 
go,  guys.  Let’s  hope  the  rest  of  the  telecom 
industry  learns  from  your  example. 

Johnson  is  president  and  chief  research 
officer  at  Nemertes  Research,  an  indepen¬ 
dent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


MCI 

continued  from  page  37 

The  majority  of  MCI’s  capital  expendi¬ 
tures  will  go  toward  back-office  system 
consolidation,  and  service  and  product 
development, says  Jack  Wimmer,  vice  pres¬ 
ident  of  network  architecture  and  ad¬ 
vanced  technology.  MCI  is  emphasizing 
security  and  VoIP  service  developments, 
he  says. 

Wimmer  says  the  $38  billion  MCI  spent 
before  filing  for  bankruptcy  puts  the  carri¬ 
er  in  good  shape  to  roll  out  new  services 
without  major  network  overhauls. 

Infonetics’  Mitchell  says  MCI  spent  an 
“absurd”  amount  on  its  network  in  2000 
and  2001,  25%  and  35%  of  revenue, 
respectively.  But  as  with  all  other 
providers,  spending  was  cut  back  dra¬ 
matically  in  2002. 

MCI  also  plans  to  keep  operating 
expenses  in  check,  in  part  by  consolidat¬ 
ing  its  access,  edge  and  core  network 
facilities. 

For  example,  the  carrier  plans  this  year 
to  deploy  multi-service  edge  devices  to 
eliminate  the  need  to  support  multiple 


types  of  devices  depending  on  which 
data  network  customers  are  accessing. 
Within  the  next  six  months,  the  carrier 
will  detail  plans  to  lower  its  access 
costs  and  offer  users  more  flexibility, 
Wimmer  says. 

The  carrier  also  is  consolidating  its 
networks  at  the  core.  Late  last  year  MCI 
moved  all  former  Intermedia  frame 
relay  customers  to  its  frame  relay  net¬ 
work.  The  Intermedia  frame  network 
was  one  of  three  the  carrier  has  been 
supporting  for  years. 

The  other  frame  relay  infrastructure  is 
WorldCom’s  old  network. 

MCI  has  emerged  from  bankruptcy  with 
$5.7  billion  in  debt,  lower  than  its  main 
competitors  AT&T  ($8.7  billion)  and 
Sprint  ($16.4  billion).  MCI  also  emerged 
with  about  $5.6  billion  in  cash,  about  $2 
billion  of  which  it  will  spend  to  settle 
some  of  its  bankruptcy  claims.  MCI  says  it 
expects  to  generate  about  $800  million  in 
cash  this  year. 

Despite  the  cash  influx,  MCI  says  it  likely 
will  post  a  net  loss  for  2004.  Neither  AT&T 
nor  Sprint  has  given  Wall  Street  compara¬ 
ble  guidance.* 


Hate  hunting  for  stories  on  a  specific  topic?  Let  the  news  come  to  you 
with  Network  World’s  latest  news  alerts  —  with  focuses  on  security, 
financials,  standards,  trade  show  news  and  vendor-specific  news. 
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Access  Management.  Application  Security.  Application  Acceleration 
Learn  more  about  Enterprise  /  Service  Provider  Class  SSL  VPN  and 
Application  Acceleration  solutions  from  Array  Networks. 

Goto:  www.arraynetworks.net/nw 
Or  call:  1-866-MY-ARRAY  today 


Our  customers 
Our  competitors 
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ArrayNetworks® 

The  Application  Networking  Company 


www.arraynetworks.net 
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to  take 
management 
next  level? 


Current  methods  of  managing  traffic  by  establishing  Take  traffic  management  to  the  next  level  by  deploying  application  acceleration  and  bandwidth 
and  constantly  tweaking  policies  are  labor-intensive  efficiency  tools  that  reduce  WAN  costs  and  improve  response  times.  Expand  Networks  offers  a 

and  inefficient.  complete  framework  for  easily — and  automatically — improving  the  performance  of  distributed 

enterprise  applications. 

Accelerator  "  appliances  allow  you  to  increase  average  network  capacity  and  improve  application 
response  times  by  100-400%,  stop  bandwidth  abuse  and  align  network  resources  with  business 
priorities.  Learn  how  to  gain  an  accelerated  ROI  in  3-9  months,  and  find  out  why  more  than  1,000 
customers  have  already  deployed  more  than  20,000  Accelerators  in  over  70  countries. 


Reap  the  rewards  of  automated  application  traffic  management  today. 

Try  our  demo  at  www.expand.com/demo 


EXPAND 


networks 


Accelerator  and  Expand  Networks  are  trademarks  of  Expand  Networks,  Inc. 
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■  PRODUCTS,  SERVICES  AND  STRATEGIES 

FOR  TYING  TELEWORKERS  TO  THE  ENTERPRISE 


New  access  services  meet  SOHO  needs 


Anytime  access 

New  services  make  ad  hoc  secure  data  connections  easy  and  affordable. 

Company:  Positive  Networks 
Product:  PositivePro;  PositivePro  WebTop 
URL:  www.positivenetworks.com 

Price:  10  users:  $199  per  month  plus  $900  setup  fee.  Fee  is  halved  for  users  who 
sign  up  for  a  one-year  contract,  waived  for  those  signing  up  for  two  years. 

Access:  Full  VPN  access  to  servers,  e-mail,  client-server  applications,  desktop 
remote  access. 


Company:  RemotelyAnywhere 
Product:  LogMeln 
URL:  secure.logmein.com 

Price:  $20  per  month  for  two  PCs;  $10  per  month  for  additional  PCs.  Or,  $100  per 
year  for  two  PCs;  $80  for  additional  PCs. 

Access:  Between  workstation  PC  resources  (applications,  data)  and  browser-based 
devices. 


Company:  ByteTaxi 
Product:  FolderShare 
URL:  www.foldershare.com 

Price:  $5.90  per  user,  per  month;  free  trial  version  lacks  file  compression,  encryption 
and  remote  synchronization. 

Access: To  files  and  folders  on  two  disparate  systems. 


■  BY  TONI  KISTNER 

Since  Citrix  Systems  validated  GoToMyPC 
by  buying  ExpertCity  earlier  this  year, a  new 
crop  of  small  service  providers  are  stand¬ 
ing  a  lot  taller. 

Three  companies  —  Positive  Networks, 
RemotelyAnywhere  and  ByteTaxi  —  each 
recently  rolled  out  simple,  secure  and 
affordable  remote-access  services  for  small 
and  midsize  businesses  and  professional 
users  where  a  VPN  is  a  bad  fit. 

Full  access 

Fbsitive’s  FbsitivePro  service  provides  a 
168-bit  encrypted  IPSec  VPN  tunnel  to  all 
network  resources. The  client  version  gives 
users  a  full  LAN  connection  over  Secure 
Sockets  Layer  VPN.  PositivePro  WebTop  pro¬ 
vides  access  via  any  Web  browser  to 
e-mail,  files,  drive  shares,  the  company 


■  Intellon  and  Comcast  Cable 

jointly  announced  a  market  trial  of 
Intellon’s  HomePlug  technology. 
HomePlug  1.0  technology  transmits 
data  at  14M  bit/sec  over  residential 
power  lines.  Comcast  plans  to  use 
HomePlug  for  cable  modem  installa¬ 
tions  and  home  networks.  Intellon  also 
announced  a  partnership  with  music 
TV  network  Music  Choice  to  demon¬ 
strate  a  HomePlug  audio  system. 
Service  providers  will  be  able  to  offer 
customers  the  ability  to  stream  Win¬ 
dows  Media  Audio  files  from  a  PC 
from  a  cable  box  to  a  HomePlug  audio 
device  plugged  into  a  power  outlet. 

■  Motorola  announced  its  Home 
Media  Architecture,  a  system  that 
will  let  service  providers  offer  multi¬ 
room  digital  video  recording  and 
media  distribution  to  their  customers. 
HMA  works  with  legacy  digital  set-top 
boxes  and  interactive  program  guide 
and  video-on-demand  applications. 
Service  providers  can  use  the  HMA 
platform  to  offer  IP- based  services 
such  as  home  security  monitoring, 
smart  home  management,  remote 
education  and  health  management. 


intranet  and  client-server  applications. 
FbsitivePro  has  a  host  of  features,  including 
remote  desktop  access  like  GoToMyPC. 
Other  features  include  a  personal  firewall 
for  each  connected  system,  anti-virus  pro¬ 
tection,  support  for  SecurlD  and  other  ad¬ 
vanced  security  schemes,  network  re¬ 
porting,  drive  sharing,  data  backup,  private 
file  areas  where  folders  and  drives  are  hid¬ 
den  until  the  user  is  authenticated,  and  re¬ 
mote  application  distribution. 

The  company  differentiates  itself  from 
other  VPN  service  providers  by  offering  fast 
deployment  at  an  affordable  price. 

“We’ve  opened  this  up  to  a  group  of  users 
who  couldn’t  even  consider  remote  ac¬ 
cess,”  says  Evan  Conway,  Positive’s  executive 
vice  president  of  marketing.  “We  get  calls 
from  companies  that  are  stuck,  saying  ‘My 
boss  needs  remote  access  for  next  week.’ 
We  say‘How  about  by  this  evening?”’ 

The  user  downloads  the  FbsitivePro  client 
onto  any  network  server.  Positive  connects 
to  it  and  then  creates  a  VPN  tunnel  between 
its  data  center  and  the  customer’s  network. 
Next,  a  support  engineer  configures  each 
user’s  access  over  the  phone  using  its  pol¬ 
icy  manager,  a  Web-based  tool  that  auto¬ 
matically  maps  the  appropriate  resources. 
The  time  from  when  a  user  calls  Positive  to 
when  his  first  remote  user  is  activated  can 
be  as  little  as  one  hour,  Conway  says. 

Positive  targets  companies  with  between 
50  to  1,000  users.“There  are  600,000  busi¬ 
nesses  between  50  and  1 ,000  employees, 
and  they  don’t  know  what  they’re  doing 
when  it  comes  to  remote  access,”  Conway 
says.  “The  75-person  shop  has  one  IT  guy 
who’s  job  it  is  to  fix  PC  crashes  and  keep  the 
LAN  up  and  running,  not  to  understand  the 
inner  workings  of  remote-access  security” 

Workstation  access 

Since  1999,  RemotelyAnywhere  has 
offered  remote  system  administration  and 
performance-monitoring  services  to  large 
companies,  mainly  in  Europe.The  tools  are 
highly  secure  and  include  a  file  manage¬ 
ment  system  that  transfers  only  file 
changes.  A  year  ago,  when  the  company 
realized  its  customers  used  them  for  re¬ 
mote  access,  the  company  built  LogMeln, a 
remote  desktop  access  service  similar  to 
GoToMyPC.  RemotelyAnywhere  hosts  for 
each  client  a  dedicated  gateway  which  re¬ 
mote  users  connect  to  gain  access  to  their 
computer. 

“A  lot  of  times  a  VPN  isn’t  practical 
[given]  the  cost  and  time  to  deploy  Or  you 
need  a  system  at  a  user  site  temporarily” 


says  Michael  Simon,  CEO  of  the  company. 

Target  machines  need  to  be  Windows  sys¬ 
tems,  but  LogMeln  lets  users  connect  from 
any  browser-based  device.  By  connecting 
Windows  machines,  you  can  perform  re¬ 
mote  printing  —  meaning  you  can  open 
Quicken  at  the  desktop  in  the  office  and 
print  a  spreadsheet  to  your  home  local 
printer.  The  Click2Share  option  lets  you 
share  large  files  securely 

Because  the  original  product  was  built 
for  mission-critical  server  maintenance, 
LogMeln  includes  powerful  security.  The 
datastream  is  128-bit  or  256-bit  encrypted. 
Unlike  GoToMyPC  Personal  Edition, 
LogMeln  doesn’t  bypass  the  network’s 
authentication  systems,  but  forces  you  to 
use  them  to  access  the  target  system.  An 
active  defense  layer  creates  a  blacklist  of  IP 
addresses  that  have  failed  three  times  to 
gain  access  to  the  PC.  For  small  companies 
and  individual  users,  RemotelyAnywhere 
offers  an  optional  two-factor  authentica¬ 
tion  system  that  requires  username,  pass¬ 
word  and  an  authentication  code  gener¬ 
ated  by  a  wireless  e-mail  device  the  com¬ 
pany  provides. 

“The  remote-access  battle  will  be  won  on 
the  security  front,”  Simon  says. 


Workstation  file  access  and  sharing 

For  single  users  and  companies  with  up 
to  50  users  that  just  need  a  better  way  to 
manage  data  between  PCs  —  share  it,  sync 
it,  remotely  access  it  —  there’s  ByteTaxi 
FolderShare.  Users  download  an  850K 
client  on  the  target  machine  and  on  the 
client  machine.  Requests  go  through  Byte- 
Taxi’s  network,  which  uses  RSA  Security 
key  certificates  to  authenticate  clients. The 
clients  also  authenticate  one  another 
through  the  server  before  each  transfer.The 
data  stream  is  256-bit  encrypted. 

Users  then  create  and  name  a  Folder¬ 
Share  library  a  data  repository  that  sits  on 
both  machines.  Changes  to  the  data  are 
updated  and  files  synchronized  automati¬ 
cally.  When  users  go  on  the  road  and  want 
to  access  a  FolderShare  library  but  don’t 
want  to  download  all  the  files,  they  can 
configure  the  system  to  synchronize  file 
placeholders  and  then  select  only  the  files 
needed  for  download. 

“We’ve  created  a  straight,  secure,  file¬ 
sharing  environment  that  works  in  the 
background  so  you  never  have  to  worry 
about  it,”  says  FolderShare  President 
Michael  Merhej. 

Friends  and  colleagues  can  share  access 
to  various  FolderShare  libraries.  ■ 
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Broadcom  also  simplifies  WLAN  security  setup 


For  a  little  while  there,  Buffalo  Tech¬ 
nology  was  a  superhero.  It  was  the 
only  wireless  LAN  maker  to  acknowl¬ 
edge  that  selling  boxes  with  disabled  secu¬ 
rity  wasn’t  just  ethically  suspect  but  stupid 


business, and  the  only  one  to  come  up  with 
a  system  that  configures  Wired  Equivalent 
Privacy  and  Wi-Fi  Protected  Access  with 
the  push  of  a  button  (see  www.nwfusion. 
com,  DocFinder:  1935). 


The  reason  the  world's  leading  companies 
rely  on  Equant  for  their  global  communications 


Your  business  communications  can't  be 
left  to  chance.  Fortunately,  there's  a 
provider  with  the  track  record  to  inspire 
your  confidence.  An  innovator  with  over  5  years 
experience  using  convergence-ready  MPLS 
technology  that  powers  business  solutions 
for  over  1100  companies.  A  provider  trusted 
by  the  world's  leading  companies. 

That  provider  is  Equant. 

Seamless.  And  that  trust  doesn't  stop  at 
any  border  -  because  Equant  is  everywhere. 
With  people  in  165  offices,  a  seamless  global 
network  that  covers  220  countries  and 
territories,  and  supported  locally  in  the  local 
language.  Our  customized  communication 
solutions  can  enable  your  key  business 
processes  wherever  you  want  to  do  business  - 
including  emerging  markets  like  India  and  China. 


Stable.  What's  more,  you  can  trust  us 
to  deliver  real  results  for  business  critical  needs. 
Solid  financials  and  steady  growth,  on  both 
client  list  and  balance  sheet.  But  don't  take 
our  word  for  it;  analysts  have  praised  Equant's 
solutions  for  global  businesses  for  years. 

Demonstrating  business  value.  And  that's 
how  we'll  earn  your  trust  -  by  understanding 
your  business  before  talking  technology. 

Our  approach  is  consultative,  not  hard-sell; 
our  people  build  relationships  by  demonstrating 
business  value  with  the  more  than  80  proven 
Equant  products  and  solutions.  We'd  like 
to  start  proving  ourselves  to  you  today. 

Go  to  the  link  below  and  see  why  Equant 
is  worthy  of  your  trust. 

www.equant.com/usa 


(^equant 


Creating  answers  together. 


Now  it  turns  out,  Broadcom’s  been  wear¬ 
ing  the  big  S  under  its  shirt,  too. 

Last  week,  the  leading  WLAN  chip  maker 
announced  a  new  version  of  its  802.1  lg 
chipset,  branded  54g,that  greatly  simplifies 
the  Service  Set  Identifier  (SSID)  and  WPA 
setup,  and  extends  the  range  of  a  54g  LAN 
up  to  50%, according  to  Jeff  Abramowitz, 
Broadcom’s  senior  director  of  marketing. 

The  week  before,  Broadcom  demon¬ 
strated  a  beta  version  of  the  technology 
—  SecureEZSetup  —  for  me  in  New  York. 
Or,  more  accurately,  I  configured  WPA  on 
Broadcom’s  WLAN.  What  did  it  take?  I  in¬ 
stalled  the  SecureEZSetup  software  on  the 
client,  and  the  software  found  the  router.  A 
wizard  popped  up  asking  me  to  choose 
from  three  questions  —  mother’s  maiden 
name,  street  you  grew  up  on,  pet’s  name. 
Then  it  asked  for  my  birthdate.  Oh  —  and  I 
had  to  click  OK,  too. 

In  answering  those  two  questions  I’d  con¬ 
figured  the  SSID  and  WPA,  the  strongest 
wireless  security  available.  Configuring 
WPA  this  way  is  more  secure  than  typing  in 
keys  you  make  up  yourself  because 
SecureEZSetup  generates  the  keys  ran¬ 
domly  so  they’re  harder  to  crack,  says 
David  Cohen,  Broadcom’s  senior  product 
marketing  manager  and  chairman  of  the 
Wi-Fi  Alliance’s  security  committee. 

Considering  Wal-Mart  now  sells  Linksys 
WLAN  gear, and  80%  of  wireless  users  don’t 
set  up  security  according  to  market  re¬ 
search  firm  Forward  Concepts,  it  really  has 
to  be  this  easy 

Products  from  Linksys  and  others 
stamped  with  the  SecureEZSetup  logo  are 
expected  in  the  coming  months. 

But  wouldn’t  it  be  great  if  we  didn’t  need 
a  special  logo  —  if  automatic  security  con¬ 
figuration  was  built  into  the  802.1 1  specifi¬ 
cation,  standardized  by  the  Wi-Fi  Alliance? 
Coincidentally,  the  group’s  managing  direc¬ 
tor,  Frank  Hanzlik,  also  was  touring  the 
Northeast;  Cohen  said  he  and  Abramowitz 
are  trying  to  set  up  a  meeting. 

Given  that  Broadcom  claims  more  than 
70%  of  the  PC-based  WLAN  chip  market, 
where  does  SecureEZSetup  leave  Buffalo? 

Morikazu  Sano,  Buffalo’s  vice  president,  is 
unfazed.  Broadcom  is  concentrating  on 
the  PC  and  WLAN  vendors,  and  Buffalo  on 
the  consumer  electronics  manufacturers. 

“We’re  foreseeing  a  time  when  the  digital 
home  network  is  wireless,  and  vendors 
need  to  provide  a  stress-free  environment,” 
Sano  says. 

“We’re  targeting  a  market  where  you 
don’t  need  a  PC,  that’s  why  we  have  a  phys¬ 
ical  button.  With  Broadcom’s,  you  have  to 
type.We  don’t  even  require  that, ’’Sano  adds. 

Two  questions,  or  a  button?  That’s  a  tough 
one.  If  you’re  helping  your  mom  set  up  a 
WLAN  from  scratch,  go  with  Buffalo  AOSS. 
Mixed-vendor  networks  should  go  with 
Broadcom  gear.  If  Buffalo  uses  the  new  54g 
chips,  you’ll  get  both. 


Kistner  is  managing  editor  of  the 
Net.  Worker  section  of  Network  World.  She 
can  be  reached  at  tkistner@nww.com. 
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Networks  that  Know 


See  us  at  NetWorld+Interop  2004 
Booth  #2029 


These  days,  no  network  is  free  of  threats.  That’s  why  you  have  to  assign  network  security  privileges  to  everyone. 
Employees,  customers,  and  partners.  You  need  to  set  an  acceptable  use  policy  that  dictates  what  each  of  them  can 
and  can’t  access.  Until  now,  you  had  to  do  this  manually. 


Not  anymore.  Now  you  can  do  what  Baylor  University  did.  Implement  an  Enterasys  Secure  Networks™  solution  with 
a  unique,  policy-based  system  that  empowers  the  network  to  allocate  resources  based  on  specific  users  and  their 
roles.  The  network  “sees”  who  the  user  is  and  assigns  privileges  accordingly.  This  improved  control  also  gives  you 
more  security. 

It’s  all  about  giving  you  a  smarter  way  to  network  with  central,  intuitive  management.  Find  out  more  by  visiting 
enterasys.com/seconds.  Or  ask  any  one  of  the  many  enterprise  customers  we’ve  worked  with  for  years. 


Safe,  simple  roaming  around 
the  world  and— for  the  first 
time— around  the  workplace. 

Now,  everywhere  is  There. 


If  iPass  can  deliver  secure,  reliable  connections 
in  over  150  countries,  why  not  do  the  same 
in  your  office?  Now  the  iPass®  Wireless 
LAN  Roaming  service  lets  you  integrate 
corporate  WLANs  into  your  connectivity 
mix — weaving  a  world  of  dial-up,  Ethernet 
and  Wi-Fi  connections  into  a  single,  policy- 
managed  solution.  So  even  when  your  users 
are  Here,  they’re  There. 

<S)200*  iPoss  Inc.  fill  Rights  Reserved. 

iPass  and  the  iPoss  logo  ore  registered  trodemarks  of  iPass  Inc. 


Get  the  iPass  Security 
Best  Practices  Guide. 

www.iPassIsThere.com 
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■  AN  INSIDE  LOOK  AT  THE 
TECHNOLOGIES  AND  STANDARDS 
SHAPING  YOUR  NETWORK 


Proxy  appliances  control  Web  access 


HOW  IT  WORKS 


Proxy  appliance 


Positioning  a  proxy  appliance  between  users  and  the 
Internet  provides  control  of  Web-based  activities. 
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O  User  logs  on  to  network  through  a  proxy  appliance  and  authentication  service. 

©  The  user  sends  Web  content  or  Web  application  requests  to  the  proxy. 

©  The  proxy  appliance  forwards  requests  for  Web  content  to  the  Web  server. 

©  The  Web  servers  respond  and  direct  content  to  the  proxy  appliance. 

©  The  proxy  appliance  applies  policy  restrictions  if  needed  to  incoming  content  or  Web  applications. 
0  The  proxy  appliance  sends  content  and  server  response  messages  back  to  the  user. 


■  BY  JEFF  HUGHES 

Pervasive  Internet  access  and  the  rela¬ 
tive  ease  of  installing  Web-based  applica¬ 
tions  have  empowered  users  with  the 
means  to  quickly  load  browser-based 
e-mail,  instant  messaging,  peer-to-peer  file¬ 
sharing  clients  and  more  on  enterprise 
networks. 

As  the  use  of  these  Web-based  applica¬ 
tions  and  the  traffic  they  generate  contin¬ 
ues  to  accelerate,  IT  staffs  are  deploying 
proxy  appliances  to  safeguard  against  the 
liability,  productivity  and  security  risks 
introduced  when  unsanctioned  Internet 
applications  are  randomly  installed  on 
the  corporate  network. 

A  proxy  appliance  is  positioned 
between  users  on  a  network  and  the 
Internet  and  serves  as  a  central  point  of 
control  over  employee  Internet  use.  A  ter¬ 
mination  point  for  Web  communications 
on  the  network,  the  proxy  appliance  can 
apply  numerous  policy-based  controls  to 
Web  traffic  and  requests  before  delivering 
content  to  end  users. 

Setting  up  a  proxy  appliance  requires 
only  a  network  connection  and  an  IP 
address.The  appliance  is  installed  behind 
or  in  parallel  with  the  network  firewall  to 
intercept  Web  protocol  traffic  such  as 
HTTP  HTTPS,  FTP  IM  and  SOCKS. 

When  a  user  first  attempts  to  access  the 
Internet  or  launch  a  Web-based  applica¬ 
tion,  the  proxy  appliance  goes  to  work  by 
prompting  the  user  to  present  his  network 
credentials.  This  is  executed  in  concert 
with  the  organizations  existing  authentica¬ 
tion  service,  such  as  Lightweight  Directory 
Access  Protocol,  Windows  domain  and 
RADIUS.  After  the  initial  logon,  the  proxy 
appliance  recognizes  the  users  credentials 


and  transparently  applies  policy  controls 
to  all  subsequent  Web  requests. 

From  this  point  forward,  policy  controls 
are  enforced  for  everything  a  user  does 
on  the  Web. This  control  is  based  on  a  set 
of  comprehensive  triggers, such  as  time  of 
day,  location,  protocol, user  agent  and  con¬ 
tent  type.  Any  one  of  these  triggers 
prompts  the  proxy  appliance  to  enforce 
any  number  of  actions  established  by  an 
administrator,  such  as  allow,  deny,  notify, 
transform  content,  rewrite  header  and 
remove-and-replace.  These  fine-tuned 
controls  can  be  applied  across  an  organi¬ 
zation  or  to  one  user,  regardless  of  where 
the  user  logs  on. 

After  policy  is  applied  to  a  user’s  re¬ 


quest,  Web  communication  is  sent  to  the 
Web  server.  Web  servers  respond  and 
direct  Web  content  back  to  the  proxy 
appliance,  where  additional  policy  con¬ 
trols,  if  configured, can  be  enforced  on  the 
incoming  content. 

As  an  example,  an  outbound  request 
might  contain  a  peer-to-peer  user  agent 
type  that  corporate  policy  does  not  per¬ 
mit.  The  peer-to-peer  request  can  be 
blocked,  and  the  user  can  be  notified  that 
the  request  has  been  denied.  Other  re¬ 
quests  not  subject  to  the  policy  are  for¬ 
warded  to  the  external  destination  server, 
where  the  server  then  responds  to  the 
proxy’s  request  for  content. 

Because  a  proxy  appliance  sits  in  the 


middle  of  all  Web  communications,  it  is  an 
ideal  platform  on  which  to  run  multiple 
security  functions,  including  URL  filtering, 
IM  control,  content  security  and  Web  virus 
scanning.  URL  filtering  installed  on  the 
appliance,  for  example,  achieves  dramatic 
performance  gains  through  the  combina¬ 
tion  of  integrated  caching  and  dedicated 
hardware.  Content  security  lets  an  admin¬ 
istrator  configure  policy  to  block  Multi¬ 
purpose  Internet  Mail  Extensions  types 
and  file  extensions,  strip  and  replace 
active  content,  restrict  uploads  or  down¬ 
loads,  rewrite  or  suppress  headers,  and 
apply  method-level  protocol  controls. 

For  additional  performance  gains,  ad¬ 
ministrators  can  purchase  proxy  appli¬ 
ances  with  multiple  processors  and 
extensible  hardware  options  such  as  mul¬ 
tiple  disk  drives,  interfaces,  memory, 
bridging  and  Secure  Sockets  Layer  accel¬ 
erator  cards. 

Pumping  up  performance 

In  the  past,  software-based  proxy 
servers  provided  sufficient  levels  of  Web 
control.  However,  administrators  are  feel¬ 
ing  the  pain  as  they  attempt  to  patch  and 
maintain  software-based  proxies  in  the 
face  of  relentless  security  threats  and 
more  highly  saturated  Web  environ¬ 
ments  that  demand  increased  perfor¬ 
mance.  A  proxy  appliance  provides 
abundant  policy  controls  wrapped  in 
performance-based  hardware  to  give 
organizations  a  viable  option  for  gaining 
visibility  and  control  over  their  employ¬ 
ees’ Web  communications. 

Hughes  is  director  of  technical  marketing 
for  Blue  Coat  Systems.  He  can  be  reached 
at  jeff.hughes@bluecoat.com. 


Dr.  Internet  By  Steve  Blass 

Is  there  an  easy  way  to  add  WYSIWYG  editing 
controls  such  as  boldface,  italics  and  spell¬ 
check  to  HTML  Web  page  text-entry  forms? 

HTMLArea,  available  at  www.nwfusion.com,  Doc 
Finder:  1931,  is  a  free  server  tool  that  provides 
WYSIWYG  text  editing  and  spell  checking  for  Web 
forms.  HTMLArea  uses  JavaScript  and  Cascading 
Style  Sheets  (CSS)  to  replace  Web-form  text 
areas  with  a  word-processing  interface.  Boldface, 


italic,  justification  and  other  features  are  provided, 
along  with  cut,  paste  and  a  clipboard.  To  install, 
unpack  the  ZIP  file  into  your  Web  server  document 
tree.  Convert  your  existing  Web  forms  to  use 
HTMLArea  by  adding  JavaScript  and  CSS  source 
file  links  to  the  document  head  (shown  in  the  pro¬ 
vided  example.html  file),  and  invoking  onload= 
HTMLArea.replaceAII()  in  the  opening  body  tag. 
The  user's  editing  mark-up  is  included  as  HTML  in 
the  textarea  field  value  submitted  to  the  server, 


which  might  require  some  server  adjustments  to 
avoid  losing  format  information.  The  optional  spell¬ 
check  support  in  HTMLArea  requires  Perl,  the 
Text:Aspell  perl  module  from  CPAN  (DocFinder: 
1932)  and  GNU  Aspell  (from  aspell.net),  all  avail¬ 
able  at  no  cost  for  Windows  and  Unix. 

Blass  is  a  network  architect  at  Change@Work  in 
Houston.  He  can  be  reached  at  dr.internet@ 
changeatwork.  com. 
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RSS  technology  revisited 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 

Mark 

Gibbs 


This  week,  RSS  tools!  First  we  have  a 
Windows  RSS  aggregator  or  reader 
(the  terms  are  used  interchangeably) 
called  Feedreader  for  reading  your  favorite 
RSS  feeds.  RSS  stands  for  Rich  Site 
Summary  Really  Simple  Syndication,  or 
RDF  Site  Summaiy  —  no  one  seems  to 
know  for  certain. 

If  you  haven’t  come  across  RSS  feeds 
before,  check  out  our  previous  foray  into 
the  topic  (see  www.nwfusion.com, 
DocFinder:  1936)  and  XML.com  story 
(DocFinder:  1937). 

Feedreader  was  released  with  a  Gnu 
General  Public  License  (GPL)  and  was 
free.  We  say  “was”  because  it  is  no  longer 
under  development. That  said,  it  has  a  fea¬ 
ture  we  really  like  that  we  haven’t  found  in 
another  reader:  A  built-in  Web  server  that 
lets  us  integrate  its  output  with  our  intranet. 

Feedreader  can  understand  RSS  0.9,0.91, 
0.92, 1 .00  and  2.0,  plus  the  Dublin  Core  and 
Slashback  extensions,  and  supports  Out¬ 
line  Processor  Mark-up  Language  (OPML). 


There  are  actually  nine  versions  of  RSS 
with  all  sorts  of  technical  issues  that  limit 
backward-,  forward-  and  sideways-compati¬ 
bility  See  the  “Dive  into  Mark”  blog  (Doc¬ 
Finder:  1938)  for  an  interesting  and  rather 
critical  discussion. 

The  second  one,  the  Dublin  Core,  from 
the  Dublin  Core  Metadata  Initiative,  is  inter¬ 
esting  because  it  is  a  set  of  metadata  stan¬ 
dards  “that  support  a  broad  range  of  pur¬ 
poses  and  business  models,”  and  has  an 
RFC  (see  DocFinder:  1939). 

Dublin  Core  has  been  described  as  “a 
metadata  pidgin  for  digital  tourists  who 
must  find  their  way  in  this  linguistically 
diverse  landscape.  Its  vocabulary  is  small 
enough  to  learn  quickly  and  its  basic  pat¬ 
tern  is  easily  grasped”  (quoted  from  “A 
Grammar  of  Dublin  Core”by  Thomas  Baker 
of  the  German  National  Research  Center 
for  Information  Technology). 

The  most  useful  document  concerning 
RSS  is  “Expressing  Simple  Dublin  Core  in 
RDF/XML”  by  Dave  Beckett,  Eric  Miller  and 
Dan  Brickley  (see  DocFinder:  1940). 

Regarding  “Slashback  extensions,”  we 
wish  we  could  point  you  to  some  back¬ 
ground  but  we  could  find  nothing. 

Finally,  Outline  Processor  Mark-up 
Language,  according  to  Dave  Winer,  the 
godfather  of  RSS  and  OPML,is“a  file  format 


that  can  be  used  to  exchange  subscription 
lists  between  programs  that  read  RSS  files.” 
What  is  particularly  interesting  about 
OPML  is  that  it  describes,  as  its  name 
implies,  outlines,  which  means  that  it  is 
applicable  to  all  sorts  of  tasks  where  struc¬ 
tured  lists  are  required  (see  DocFinders: 
1941  and  1942). 

The  only  negative  about  Feedreader  — 
apart  from  it  now  being  “abandonware” — 
is  that  the  formatting  of  its  Web  output  is 
“compiled  in”the  executable  code.  As  we 
are  not  Delphi  7  programmers,  moving  the 
embedded  formatting  to  external  tem¬ 
plates  that  would  be  loaded  on  start-up  is 
not  going  to  happen.  We  think  that  a  bit  of 
dynamic  HTML  hocus-pocus  might  work: 
Load  the  server  output  into  an  in-line 
frame  (an  iframe)  in  another  Web  page, 
then  find  the  content  of  the  iframe  by 
exploring  the  document  object  model  and 
applying  a  cascading  style  sheet.  If  you  feel 
the  desire  for  everlasting  Gearhead  fame, 
feel  free  to  send  us  your  solution. 

If  you  want  something  that  isn’t  abandon- 
ware,  check  out  the  free  GPL’ed  Sharp- 
Reader  (DocFinder:  1943),  which  is  still 
under  development.This  software  requires 
the  Microsoft  .Net  Version  1.1  framework 
and  supports  all  RSS  versions:  ATOM  (a 
competitor  to  RSS  —  see  DocFinder:  1944), 


Dublin  Core,content:encoding  (this  means 
that  rich  in-line  content  in  HTML  such  as 
graphics  is  supported),  and  xhtmhbody 
(the  big  boys’  XML  version  of 
content:encoding). 

Another  free,  GPL’ed  RSS  utility  worth 
checking  out  is  Syndirella  (DocFinder: 
1945).  Based  on  the  .Net  Version  1.0  frame¬ 
work,  Syndirella  supports  all  the  variants  of 
RSS  and  OPML  import,  and  can  even 
scrape  Web  sites  that  do  not  offer  a  news 
feed  and  treat  the  data  as  if  it  were  RSS. 

Syndirella  also  addresses  one  of  the  big 
problems  with  RSS  usage:  needless  feed 
downloads.  Let’s  say  that  you  like  to  read 
the  Gibbs  blog  (no,  it  doesn’t  exist  yet)  and 
its  RSS  feed  is,  say  50K  bytes.  If  you  check 
that  feed  every  hour  then  you  will  be 
downloading  something  in  excess  of  600K 
bytes  per  day.  And  if  you  are  doing  that  in 
concert  with,  say  20,000  other  people,  the 
Gibbs  server  will  be  delivering  1.2G  bytes 
of  content  every  day  But  as  the  feed  might 
only  update  a  couple  of  times  per  day 
that’s  a  lot  of  wasted  bandwidth  on  every¬ 
one’s  part  —  particularly  the  Gibbs  server. 
But  we’ve  run  out  of  column  bandwidth. 

Next  week:  Down  with  wasted  band¬ 
width.  But  waste  a  little  writing  to  gear 
head@gibbs.  com. 


Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


The  scoop:  Zire  72  from  palmOne,  about  $300. 

What  it  does:  One  of  two  new  PDAs  from  palmOne  (the 
other  is  the  low-end  Zire  31),  the  Zire  72  is  an  upgrade  of 
last  year’s  Zire  71,  one  of  the  first  Palm 
PDAs  to  include  a  digital  camera. 

This  year’s  model  includes  a  1.3- 
megapixel  camera  built  into  the 
back.  PalmOne’s  tag  line  for  the 
device  is  “For  work.  For  play.  For 
life.” The  work  part  means  typical 
PDA  functions  including  a  per¬ 
sonal  organizer, Office  integration 
for  Word  and  Excel  documents, 
and  a  Bluetooth  wireless  connec- 
tion.The  play  part  means  features 
like  the  digital  camera,  video  cap¬ 
ture  and  an  MP3  player.  The  Zire 
72  includes  32M  bytes  of  memory 
(with  24M  bytes  available  for  the 
user),  and  runs  off  the  new  ARM- 
based  312-MHz  Intel  PXA270 
processor. 

Why  it’s  cool:  We’re  big  fans  of 
reducing  the  number  of  devices 
to  carry  around,  so  a  PDA  that 


PalmOne's  Zire  72  includes  a  1.3- 
megapixel  digital  camera. 


includes  a  digital  camera  and  a  good  MP3  player  (songs 
and  videos  run  off  a  Secure  Digital  I/O  card,  sold  sepa¬ 
rately)  is  always  appreciated.  The  digital  camera  has 
improved  slightly  since  the  Zire  71  days,  but  the  images 
are  still  only  Web-  and  e-mail-worthy  Still,  for  those  times 
when  you  don’t  have  a  digital  camera  (but  you  do  have  a 
PDA),  having  the  camera  can  help  catch  spontaneous 
moments,  and  the  1.3-megapixel  camera  is  bet¬ 
ter  than  the  current  slate  of  camera  phones. 

Grade:  ★★★★  (out  of  five) 

The  scoop:  Vaio  desktop  (PCV-RS530G),from 
Sony  about  $1,300. 

What  it  does:  A  desktop 
system  that  includes 
some  very  nice  multi- 
media  options,  including  a 
TV  tuner  and  personal  video¬ 
recording  application.  When 
you  connect  a  cable  TV  line  to 
the  computer,  these  applica¬ 
tions  let  you  record  shows  or 
let  you  watch  TV  directly  on 
the  computer. 

This  can  save  space  in  a  limit¬ 
ed  area  (such  as  a  college 
dorm  room),  or  in  an  office 
where  you  don’t  want  to  place 
a  separate  TV  or  monitor.  The 
additional  DVD  burning  and 
video  editing  applications  let 
you  convert  your  saved  record¬ 
ings  onto  DVDs.  With  a  number 
of  USB  2.0  and  i.Link  (IEEE 
1394)  ports,  you  also  can  attach 
a  number  of  different  peripher¬ 
als,  making  it  a  complete  multi- 
media  system.  The  system 


Sony's  new  desktop 
system  includes  a  bevy 
of  multimedia  features, 


comes  with  a  3.2-GHz  Pentium  4  processor,  at  least  512M 
bytes  of  RAM  and  an  ATI  Radeon  9200  graphics  card  to 
keep  up  with  all  the  video  and  multimedia  projects  you 
can  think  of. 

Why  it’s  cool:  Sure,  you  can  get  a  Media  Center  PC, 
but  the  systems  we’ve  tried  haven’t  impressed  us  much. 
The  Vaio  desktop  system  pretty  much  does  everything 
else  that  a  Media  Center  PC  does,  but  with  Windows  XP 
We  love  being  able  to  watch  TV  and  compute  at  the 
same  time,  so  the  addition  of  the  TV  tuner  card  was  a 
definite  plus. 

The  Giga  Pocket  Personal  Video  Recorder  pretty  much 
acts  like  a  TiVo  or  ReplayTV  box,  with  a  free  electronic 
program  guide  available  through  the  Internet.  It  was  easy 
to  save  TV  shows  onto  the  hard  disk,  edit  out  the  com¬ 
mercials  and  save  to  a  DVD.  It  let  us  create  DVDs  of  our 
favorite  TV  shows  without  having  to  wait  a  few  years  for 
the  eventual  commercial  DVD  to  come  out. 

Grade:  ★★★★★ 

Shaw  can  be  reached  at  kshaw@nww.com. 


It’s  hot  and  cool  at  the  same  time. 

The  Xerox  Phaser®  8400  is  the  fastest  color 
printer  in  the  world  for  under  $1000.* 
There’s  a  new  way  to  look  at  it. 


Sizzling  performance.  Refreshing  price.  Not  only  does 
the  Xerox  Phaser  8400  deliver  24  pages  per  minute 
in  black  and  white,  but  it  produces  brilliant  color  prints 
at  the  same  dazzling  speed.  For  under  $1000!  Color  is 
consistently  clear  and  vivid,  print  after  print.  Your  first 
page  out  is  an  industry-leading  6  seconds.  And  when 


it  comes  to  convenience,  nothing  is  cooler  than  the 
Phaser  8400’s  unique  and  reliable  solid-ink  technolog}' 
which  makes  changing  our  ink  simple,  and  clean.  For 
more  about  our  full  line  of  Xerox  network  printers, 
digital  copiers  and  multi-function  systems,  just  call  us 
or  visit  our  website  today.  Our  whole  line  is  cool  and  hot. 

the  Document  company 

XEROX 


Learn  more:  xerox.com/offfice/1964  Or  call:  1-877*362-6567  ext.  1964 

•  Based  on  manufacturers  rated  speed  and  estimated  retail  price 

<0  2004  XEROX  CORPORATION  All  rights  reserved.  XEROX?  The  Document  Company?  Phaser  and  There’s  a  new  way  to  look  at  it  are  trademarks  of  XEROX  CORPORATION. 


Redline  Networks  helps  medical 
records  management fir 
ChartOne  cure  network  pai 
and  boost  the  business  cas 
its  Web-enabled  ERP  app 


NO  IT  EXECUTIVE  LOOKS  FORWARD  TO  ASKING  upper  management 
to  spend  $200,000  on  a  major  system  upgrade.  But  Henry  Svendblad, 
director  of  IT  at  ChartOne,  Inc.,  felt  he  had  little  choice. 


ChartOne,  based  in  San  Jose,  California,  sells 
technology  and  services  that  help  health  care 
institutions  easily  and  cost-effectively  access  and 
manage  patient  records.  To  better  serve  its 
customers,  which  represent  20%  of  hospitals  in  the 
U.S.,  and  to  ease  the  burden  on  its  own  IT  staff,  the 
company  wanted  to  migrate  its  ERP  applications  to 
the  Web. 

Like  many  companies  transitioning  to  Web- 
based  applications,  ChartOne  hit  performance 
snags  that  no  amount  of  application  tuning  and 
new  hardware  could  cure.  Only  after  two  years  of 
trial  and  error  did  ChartOne  find  a  cure  in  Redline 
Networks,  which  makes  a  family  of  appliances  that 
deliver  a  broad  set  of  capabilities  to  ease  the 
network  burdens  and  boost  the  business  case  for 
Web-enabled  applications.  With  Redline's  E|X  3250 
enterprise  application  processor  handling  I/O 
processing,  connection  management,  compression, 
load  balancing  and  SSL  processing,  ChartOne 
customers  and  internal  users  are  now  experiencing 
the  performance  they  require  —  and  the  company's 
IT  group  is  realizing  the  administrative  benefits  that 
Web-enabled  applications  can  bring. 


ON  THE  WEB  TRAIL 

ChartOne's  odyssey  began  in  July  of  2001 ,  when 
the  company  began  migrating  its  homegrown 
client/server  enterprise  applications  to  Peoplesoft  8, 
a  Web-based  ERP  suite.  "We  were  expecting  growth 
of  20%  to  30%  a  year,  and  we  felt  we  needed  a  big 
ERP  system,"  Svendblad  says.  In  addition,  thin, 
standardized  browsers  would  require  far  less  IT 
support  than  fat,  homegrown  clients. 

If  ChartOne  was  going  to  offer  Web-based 
patient  records  management  services,  Svendblad 
also  felt  the  company  "should  eat  our  own  dog  food" 
and  use  a  Web-based  application  platform  internally. 

Webification  proved  to  have  its  challenges, 
however.  As  more  application  modules  and  users 
moved  onto  the  new  infrastructure,  response  times 
slowed  to  a  crawl.  Employees  at  the  company's  1 0 
remote  offices  sometimes  spent  hours  waiting  for 
tickler  screens  that  had  taken  minutes  to  display 
under  the  old  client/server  system.  The  10-  to  15- 
person  offices  had  plenty  of  bandwidth,  IT  staffers 
knew:  In  anticipation  of  the  migration  to  Peoplesoft 
8,  they'd  deployed  T1  links  to  each  site. 

Users  on  the  corporate  LAN  were  also  having 


difficulties.  By  far,  the  worst  off  was  the  accounts 
receivable  department,  which  processes  more  than 
300,000  transactions  per  month.  Productivity  had 
dropped  by  20%  because  of  response  time  degra¬ 
dation.  "During  peak  usage  periods,  it  was  taking 
people  minutes  to  go  from  screen  to  screen," 
Svendblad  says. 


ChartOne's  Challenges 


•  Web-enabled  enterprise  applications  were 
overloading  servers. 

•  Server  processors  were  at  80%  to  90% 
utilization  levels  during  peak  traffic  periods. 

•  Slow  response  time  over  corporate  LAN  was 
hurting  user  productivity. 

•  Remote  users  waited  hours  for  screen 
downloads. 


The  Redline  Networks  Cure 


•  Average  server  CPU  utilizadon  during  peak 
usage  now  between  10%  and  15%. 

•  Response  time  returned  to  desirable  levels 
for  local  and  remote  users. 

•  Remote  sites  no  longer  need  terminal  servers. 

•  Bandwidth  consumption  decreased  approxi¬ 
mately  70%. 

•  Savings  of  $200,000  by  avoiding  major 
hardware  upgrades. 
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Reduced  number  of  costly 
security  certificates 
Saved  $200,000  in  server  upgrades 


setup  also  strained  budgets  and  IT  resources. 

Meanwhile,  Web  and  application  servers  were  still 
maxing  out  during  peak  usage  periods.  A  major 
upgrade  seemed  inevitable.  "It  looked  like  we  needed 
a  new  [BEA  Systems]  WebLogic  server,  a  new 
database  server  and  a  third  server  for  finance," 
Svendblad  says.  His  team  priced  out  three  SunFire 
servers  on  the  second-hand  market  at  about  $50,000 
apiece.  He  also  budgeted  $50,000  for  a  LAN 
upgrade,  bringing  the  total  budget  hit  to  $200,000, 
which  Svendblad  calls  a  conservative  estimate. 


IN  SEARCH  OF  A  CURE 

As  user  complaints  mounted,  the  IT  staff  began 
looking  for  remedies.  PeopleSoft  and  Oracle  — 
ChartOne’s  application  vendors  —  initially  suggested 
fine-tuning  their  applications.  "With  a  thin  Web 
client,  ERP  systems  involve  complex  querying  in  the 
background,"  Svendblad  explains. 

When  tweaking  back-end  software  produced 
little  improvement,  ChartOne  tried  upgrading  its 
server  hardware.  It  deployed  another  Sun  420R 
application  server  and  storage  box,  then  migrated 
the  main  financial  server  from  a  420R  to  a  more 
powerful  SunFire  server.  "Performance  improved 
slightly,  but  we  were  still  looking  at  CPU  usage  in 
the  high  80%  to  90%  range  during  peak  processing 
time,"  Svendblad  says.  "And  our  phones  were  still 
ringing  off  the  hook." 

Pressed  for  answers,  ChartOne  even  took  the 
radical  step  of  supplying  remote  offices  and  home 
workers  with  terminal  servers.  While  that  substan¬ 
tially  improved  response  time,  maintaining  the 
devices  offsite  was  a  major  burden  on  the  IT 
support  staff.  "It  was  like  we’d  gone  back  to  a 
client/server  setup,"  Svendblad  says,  noting  the 


ONE  VERY  BRIEF  PILOT 

Just  as  he  was  about  to  swallow  that  bitter  pill, 
a  former  colleague  told  Svendblad  about  Redline 
Networks  in  Campbell,  Calif.,  and  its  family  of 
appliances  that  help  enterprises  manage  the 
network  impact  of  Web-enabled  applications  and 
improve  their  business  case. 

In  the  summer  of  2003,  ChartOne  deployed 
Redline's  E|X  3250  enterprise  application  processor 
in  front  of  its  WebLogic  servers.  The  Redline  device 
took  over  complex  scheduling  of  TCP  requests 
and  connection  management  chores  for  as  many 
as  150  users,  saving  the  Web  servers'  CPU  and 
memory  resources  for  other  activities  like  page 
generation.  The  E|X  also  performed  data  compres¬ 
sion  to  speed  up  server  response  and  conserve 
bandwidth. 

Svendblad's  group  started  out  with  a  pilot  test 
within  the  accounts  receivable  group,  which  took 
the  biggest  performance  hit  after  moving  to 
Peoplesoft  8.  Setting  up  users  was  simple  and 
transparent,  Svendblad  reports:  "I  just  changed  the 
local  DNS  setting,  and  when  users  clicked  on  the 
PeopleSoft  icon,  they  were  routed  through  the 
Redline  box.  We  didn't  have  to  change  anything  on 


LEARN  MORE  ABOUT  REDLINE  NETWORKS  ONLINE 


Read  what  leading  analysts  and  other  customers  say 
about  Redline  Networks  at  our  new  InfoCenter,or  call  us  at: 


1.877.550.6420 

Visit:  www.redlinenetworks.com/infocenter 


our  existing  architecture,  or  on  the  WebLogic  or 
PeopleSoft  servers." 

User  response  was  fast  and  dramatic.  "People 
were  asking  us  if  we'd  put  some  magic  juice  in  their 
system,"  Svendblad  reports.  When  word  spread, 
end  users  not  involved  in  the  pilot  "were  pounding 
on  our  door  saying,  'Whatever  you  did  for  her,  do 
for  me!"'  It  may  have  been  the  shortest  pilot  on 
record:  A  day  after  the  test  started,  the  company 
routed  all  the  other  users  through  the  Redline  box. 

TALLYING  THE  BENEFITS 

Once  the  bulk  of  users  was  online,  the  benefits 
of  the  Redline  device  really  began  to  kick  in, 
Svendblad  reports.  Average  CPU  consumption 
during  peak  processing  time  plummeted  from  80% 
or  more  to  less  than  15%.  Bandwidth  consumption 
decreased  approximately  70%. 

The  E|X  3250  now  handles  SSL  encryption, 
as  well.  "We  have  security  without  burdening 
our  servers  with  managing  certificates  or  with  SSL," 
Svendblad  says.  The  company  also  saves  money  on 
SSL  certificates,  since  it  needs  only  one  for  the 
Redline  box  instead  of  one  for  each  server. 

Over  the  past  year,  ChartOne  brought  its 
customer  relationship  management,  HR  and 
Hyperion  Business  Performance  Management 
applications  behind  the  Redline  box.  Most  recently, 
the  company  added  its  View  Manager:  Chart 
Management  Suite  of  ASP  offerings  to  the  set  of 
applications  front-ended  by  the  E|X  platform. 


After  ChartOne  installed  the  Redline 
Networks  E|X  3250,  user  response 
was  dramatically  faster.  "People  were 
asking  us  if  we'd  put  some  magic 
juice  in  their  system,"  says  Henry 
Svendblad,  director  of  IT. 


ChartOne's  hundred-odd  remote  and  mobile 
users  have  completely  eliminated  their  terminal 
servers  and  use  a  standard  Web  browser  to  access 
all  applications,  via  the  E|X  3250.  "The  user  experi¬ 
ence  is  improved,  and  our  support  costs  are  lower," 
Svendblad  says. 

The  bottom  line:  ChartOne  successfully  imple¬ 
mented  a  Web-enabled  ERP  platform  with  a  "single 
box  solution"  that  addresses  critical  Web  tier  issues 
while  dramatically  improving  the  business  case  by 
increasing  user  productivity  and  avoiding  costly 
hardware  upgrades.  End  users  now  experience  the 
same  response  time  levels  and  productivity  they 
had  with  customized  fat  clients  —  but  IT  no  longer 
has  the  support  burden.  Says  Svendblad:  "I  think 
that's  pretty  impressive." 
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ON  TECHNOLOGY 

John  Dix 

Start-up  looks 
to  solve  WLAN 
RF  problems 


Some  early  wireless  LAN  users  say  their  largest 

source  of  headaches  is  radio  frequency  problems, 
everything  from  interference  to  playing  with  radio 
locations  to  optimize  performance.  Start-up  Propagate 
Networks  hopes  to  eradicate  that. 

“You  should  be  able  to  just  plug  this  stuff  in  and  have  it 
work,  but  you  can’t  today” says  Paul  Callahan,  vice  presi¬ 
dent  of  business  development  and  one  of  the  company’s 
three  co-founders.“Wireless  is  really,  really  busted. There 
are  all  these  ‘a’  and  'b'  and  ‘g’  options  and  you  need  to 
tune  stuff  and  it  involves  all  this  planning,  which  is  totally 
stupid  and  counterproductive.” 

And  it  will  only  get  more  difficult  as  the  number  of  wire¬ 
less  devices  increases  and  connectivity  demands  climb. 

The  company’s  answer  is  AutoCell,a  layer  of  control  code 
designed  to  make  Wi-Fi  automatic  at  the  RF  level.  Propa¬ 
gate  has  convinced  Chantry  Networks,  Bluesocket,  Reef- 
Edge  and  Netgear  to  adopt  its  technology  which  is  still  in 
beta,  and  hopes  others  will  follow  suit.  If  it  can  convince 
enough  of  the  important  players  to  get  onboard,  deploying 
and  managing  WLANs  will  get  a  lot  simpler. 

When  AutoCell-equipped  access  points  are  installed  they 
listen  to  the  environment  to  identify  interference  and  other 
networks,  and  then  auto  tune  to  the  quietest  channel. Then 
the  access  points  adjust  their  power  up  or  down  to  mini¬ 
mize  interference  and,  if  AutoCell  is  loaded  on  the  client 
radios,  tunes  those  as  well.  Finally  when  everything  is  con¬ 
nected,  AutoCell  load-balances  traffic  across  access  points, 
optimizing  network  performance. 

All  of  this  is  achieved  by  introducing  signaling  packets 
into  the  wireless  stream,  which  Callahan  says  never  repre¬ 
sents  more  than  1%  of  all  traffic,  no  matter  the  size  of  the 
network. 

Product  demonstrations  are  convincing.  A  roomful  of  dif¬ 
ferent  types  of  access  points  come  online  and  adjust  their 
power  accordingly,  endstations  connect,  and  then  every¬ 
thing  balances  out. This  definitely  would  be  a  boon  for  any 
RF  environment. 

The  question  is,  can  Propagate  convince  enough  ven¬ 
dors  to  sign  on.  After  all,  some  of  them  fancy  their  RF 
management  tools  as  product  differentiators.  And  Cisco, 
the  big  fish  in  the  WLAN  pond,  is  said  to  be  building  its 
own  technology. 

Propagate  has  submitted  its  work  as  a  standard  to  the 
IETF  but  you  can  act  now.  Ask  your  suppliers  about 
AutoCell  and  if  they  say  they  have  something  better,  ask 
them  if  their  competitors  will  embrace  it.  What  we  need  is 
technology  that  spans  proprietary  products. 


Blocking  is  best 

In  Mark  Gibbs’  Backspin  column  “Wrapping  up  the 
messaging  and  spam  tour”  (www.nwfusion.com, 
DocFinder:  1926),  he  asks  readers  how  they  plan  to 
defend  their  companies  from  spam.  My  company 
uses  plain  and  simple  blocking,  using  a  whole 
bunch  of  blocklists  (names  on  request).  Why? 
Because  spam  filtering  (SpamAssassin  and  similar 
products)  just  don’t  work.  Instead,  they  up  the  ante 
and  cause  continuous  escalation  in  the  war 
between  e-mail  administrators  and  spammers.  It’s 
much  easier  to  just  block. 

If  we  all  started  blocking,  the  spammers  wouldn’t 
get  enough  mail  delivered  to  justify  their  existence. 
With  filtering  they  never  see  the  e-mails  that  are 
thrown  away  and  they  give  their  clients  inflated 
delivery  figures  as  a  matter  of  course. 

Users  don’t  want  to  see  “iffy”  spam,  marked  by  fil¬ 
ters  such  as  SpamAssassin. They  don’t  want  to  have 
to  look  at  bloated  spam  buckets  before  they  decide 
to  throw  the  junk  away  And  they  don’t  want  to 
decide  things  like  “spam  threshold”  and  “words  to 
block  on.”They  just  don’t  want  to  see  the  spam. 

So  my  company  runs  a  Web  page  (wwwspam 
blocked.net/blocked.html),  which  we  point  to  in  our 
rejection  notices,  where  anyone  who  takes  the  trou¬ 
ble  to  go  there  can  ask  to  be  whitelisted.  So  far,  in  a 
16-month  test  of  about  20  domains  (roughly  12,000 
e-mails  daily), we’ve  had  three  verified  false  positives. 

We’ll  soon  offer  this  solution  to  a  few  hundred 
more  domains,  offering  a  limited  version  of  it  as  a 
free  add-on  to  Web  hosting  companies  using  the 
DirectAdmin  hosting  control  panel  (http://direct 
admin.com)  and  announcing  it  as  a  service  to  the 
general  public  at  www.reallystopspam.com. 

Jeff  Lasman 
Riverside,  Calif. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772. 
Please  include  phone  number  and  address  for  verification. 


Microsoft  and  the  European  Union 

Regarding  Dave  Kearns’ column  “Sorry,  Microsoft,  but 
the  EU  got  it  right”  (DocFinder:  1927):  The  U.S. 
Department  of  Justice  won  the  case  against 
Microsoft,  then  walked  away  after  agreeing  with 
Microsoft  that  the  company  should  play  nicer  (with¬ 
out  strictly  defining  what  “nicer"  means)  and  not 
defining  any  substantive  consequences  should 
Microsoft  continue, as  it  has,  to  be  a  poorly  behaved, 
convicted  monopolist.  The  EU  did  the  right  thing, 
while  causing  no  damage  at  all  to  innovation  and 
no  significant  harm  to  Microsoft. 

Stephen  Wfyman 
Austin, Texas 

Dave  Kearns’  comment  that  Media  Player  only  clogs 
the  network  is  like  saying  GUI  interfaces  are  an 
annoyance  to  real  users.  We  are  only  at  the  begin¬ 
ning  of  understanding  how  natural,  unobtrusive 
interfaces  will  propel  the  next  generation  of  com¬ 
puting.  Is  Kearns  not  at  all  concerned  about  govern¬ 
ments  telling  corporations  what  they  can  and  can¬ 
not  bundle  into  their  products?  While  anti-competi¬ 
tive  behavior  that  makes  it  impossible  for  new  prod¬ 
ucts  to  come  to  market  needs  to  be  challenged,  so 
does  government  over-reaching.  Encouraging  open 
architectures  and  penalizing  anti-competitive  archi¬ 
tectures  seems  a  more  appropriate  balance. 

Jerry  Monroe 
Wayne,  N.J. 

Kearns  replies:  In  some  instances  I  believe  that  the 
mie  of  law  should  govern  what  can  and  cannot  be 
bundled.  There  are  many  examples,  going  back  many 
years,  from  industries  other  than  our  own.  There's 
nothing  in  the  EU  mling  that  stops  anyone  from 
installing  Windows  Media  Player.  As  to  the  bandwidth 
issue,  it  should  be  up  to  the  company  to  determine 
when  and  where  bandwidth-hogging  streaming  ser¬ 
vices  are  offered,  not  individual  users. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topics.  DocFinder  1924 


—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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ON  THE  ROAD 

Sandra  Gittlen 


Security:  Are  we  on  overload? 


It 


When  NetworkWorid  Lab  Alliance  mem¬ 
ber  and  Opus  One  senior  partner  Joel 
Snyder  and  I  began  discussing  ideas 
for  this  year’s  security  technology  tour,  which 
kicks  off  next  week  in  Boston, we  kept  coming 
back  to  the  same 
issue:  There  is  so 
much  security  technology  out  there  that  it  is 
oftentimes  overwhelming. 

Chances  are,  IT  managers,  in  the  rush  to  lock 
down  their  networks,  have  installed  these 
technologies  piecemeal.  Budget  approved; 
add  another  layer  of  security  Threat  detected; 

add  another  layer  of  security  Need  to  reassure  stakeholders;  add  anoth¬ 
er  layer  of  security  These  are  all  great  reasons  to  beef  up  the  security  of 
your  network.  And  doing  so  is  not  necessarily  a  bad  strategy 
But  now’s  your  chance  to  “de-architect“  your  security  strategy  and 
make  sure  that  the  technology  you  have  isn’t  a  liability  Are  your  fire¬ 
walls  in  the  best  possible  position  for  maximum  effect?  Is  your  anti¬ 
virus  upgraded  properly  and  installed  everywhere  it  needs  to  be?  Can 
you  manage  your  enterprise  password  protection  in  a  better  way?  You 
also  want  to  make  sure  that  you  haven’t  built  in  so  many  layers  of  pro¬ 
tection  that  you're  overtaxing  your  system  —  or  worse,  that  some  pro¬ 
grams  aren’t  counterbalancing  one  another  to  create  vulnerabilities. 

Taking  an  inventory  of  every  security  tool  in  your  network  —  even 
those  at  remote  sites, branch  offices  and  on  mobile  devices  —  will  help 
you  understand  what  you’re  dealing  with.  You  might  discover  that 
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you’ve  got  too  many  tools  to  manage  and  there  is  a  simpler  alternative 
that  doesn’t  compromise  defenses. 

In  his  morning  and  afternoon  keynote  addresses  for  “Enterprise 
Security:  Fail-Safe  Architecture,’’  Snyder  will  do  a  virtual  assessment  of 
today’s  security  technologies  and  how  you  can  best  utilize  them.  He’ll 
explain  how  to  determine  what  you  need  and 
what  you  can  do  without.  More  importantly, 
Snyder  will  explain  how  to  construct  your 
overall  security  strategy  —  the  do’s  and  don’ts 
for  dealing  with  vendors  and  your  own  orga¬ 
nization. 

Joining  us  onstage  will  be  the  leading  com¬ 
panies  in  the  security  market,  representing  a 
cross-section  of  tools  and  services:  ForeScout,  Lancope,  NetSolve, 
VeriSign  and  Virtela  Communications.  Also  exhibiting  their  wares  will 
be  AccuData,  Black  Dragon  Software, The  Network  Guys,  IntraSystems, 
Secure  Computing,  Solsoft,  Summit, Viack  and  V-One. 

Let’s  face  it:  Of  all  the  budget  constraints  IT  managers  have  faced  over 
the  past  few  years,  security  has  been  the  area  least  affected.  No  one 
wants  to  explain  after  a  hacker  attack  or  a  fast-spreading  worm  that 
they  were  compromised  because  they  didn’t  invest  in  the  right  tools. 

Now  it’s  time  to  make  sure  you’re  putting  those  tools  to  good  use  and 
not  letting  them  become  a  hindrance  to  themselves.To  register  for  this 
event,  go  to  www.nwfusion.com,  DocFinder:  1936. 

Gittlen  is  Network  Worlds  Events  &  Executive  Forums  editor.  She  can 
be  reached  at  sgittlen@nww.com. 


No  one  wants  to 
explain  after  a 
hacker  attack 
that  they  were 
compromised 
because  they 
didn't  invest  in 
the  right  tools. 


INDUSTRY  COMMENTARY 

Frank  Dzubeck 

In  this  first  decade  of  the  21st  century,  the 
communications  industry  is  at  an  interest¬ 
ing  transition  point.  The  20th  century 
could  be  called  The  Wireline  Century,  with 
millions  of  kilometers  of  copper  wire,  cable 
and  glass  fiber  being  installed  in  homes  and 
office  buildings,  below  and  above  streets,  and 
under  oceans.  The  21st  century  is  rapidly  becoming  The  Wireless 
Century  The  motivation  for  wireless  technology  is  no  longer  voice,  as  it 
was  in  the  last  century  but  data.  This  shift  has  been  the  impetus  for  a 
number  of  distinct  technologies  for  delivering  unique  services  to  users. 

The  first  wireless  technology  that  seems  to  be  on  the  verge  of  market 
introduction  is  ultrawideband  (UWB).  Based  on  IEEE  802.15,  UWB  is 
designed  for  extremely  high  bandwidth  (100M  to  400M  bit/sec  or  high¬ 
er)  across  a  short  distance  (less  than  32  feet, as  mandated  by  the  FCC) 
in  a  point-to-multipoint  architecture.  UWB  is  widely  seen  as  the  equiva¬ 
lent  of  wireline  USB,  wirelessly  connecting  printers,  monitors,  storage 
devices  and  other  equipment  to  PCs  or  servers. 

The  second  wireless  technology  that  is  revolutionizing  communica¬ 
tions  is  IEEE  802.1 1  (Wi-Fi). This  technology  is  rapidly  becoming  a  re¬ 
placement  for  wireline  Ethernet.  In  addition  to  use  in  corporate  build¬ 
ings  and  homes, Wi-Fi  is  fast  becoming  the  favored  remote  data-access 
method,  called  hot  spots,  and  an  alternative  access  methodology  for 
voice.Today  most  new  cell  phones  come  with  a  multimode  capability 
inclusive  of  802. 1 1  .This  lets  users  piggyback  voice  access  onto  an  inter¬ 
nal  corporate  network,  roam  between  cellular  mobile  networks  and 
newer  VoIP  carrier  networks,  or  access  the  Internet  through  a  hot  spot. 
Another  example  is  Skype  software,  which  lets  a  PDA  or  laptop  invoke 
a  voice  call  to  another  Skype  user  over  the  Internet,  using  802. 1 1  as  the 
access  media.This  effectively  lets  users  make  free,  distance-insensitive 
voice  calls. 

The  third  wireless  technology  in  this  revolution  is  IEEE  802. 16.  This 
standard  has  two  forms:  fixed  and  mobile.  The  fixed  version  is  viewed 


The  dawn  of  a  wireless  century 


as  an  alternative  to  carrier  local  loop  wireline  and  cable  access 
because  it  can  deliver  multi-megabit/sec  broadband  connections  in  a 
point-to-multipoint  mode  over  a  radius  of  more  than  10  miles  to  more 
than  100  simultaneous  users. WiMax  is  fast  developing  into  the  wireless 
equivalent  of  T-l,  cable  or  DSL  access.  The  technology  is  perfect  for 
aggregation  of,  and  carrier  network  access  to,  802.11  hot  spots.  The 
mobile  version  is  another  issue.  A  recent  announcement  of  an  alliance 
between  Alcatel  and  Intel  to  develop  802.16  mobile  technology  to 
compete  with  current  GSM  and  future  Universal  Mobile  Tele¬ 
communications  System  protocols  indicates  that  cellular  networks 
soon  might  be  a  relic  of  the  20th  century  Currently  there  is  another 
wireless  standard  in  this  area  called  IEEE  802.20.  Initially  IEEE  802.20 
and  802.16  had  different  focuses,  but  have  evolved  with  the  introduc¬ 
tion  of  the  mobile  version  of  802.16  into  direct  competitors.  Industry 
support  seems  to  be  shifting  to  802.16  because  of  the  availability  of 
components  and  the  advanced  state  of  the  standard. 

The  final  technology  fueling  the  wireless  revolution  is  an  alternative 
to  fiber.  In  October,  the  FCC  approved  the  use  of  the  71  to  76  GHz,  81  to 
86  GHz  and  92  to  95  GHz  frequency  bands.These  bands  will  enable  car¬ 
rier-grade,  point-to-point,  two-way  2.48G  bit/sec  communications  trans¬ 
port  for  more  than  1  mile. The  next  generation  of  this  technology  will 
deliver  10G  bit/sec  at  the  same  level  of  quality  and  distance. This  new 
wireless  technology  has  all  the  quality  traits  and  cost  points  required 
for  last-mile,  high  bandwidth  fiber  replacement. 

Wireless  transport  in  the  21st  century  will  dominate  the  delivery  of 
voice,  video  and  data  for  the  shortest  distance  between  your  PC  and  a 
printer,  to  10G  bit/sec  building  metropolitan-area  access  and  all  the 
broadband  mobility  points  in  between. The  reaFtriple  play”  communi¬ 
cations  revolution  will  not  be  over  wires,  but  through  the  air. 


The  real  ‘triple 
play'  communica¬ 
tions  revolution 
will  not  be  over 
wires,  but 
through  the  air. 


Dzubeck  is  president  of  Communications  Network  Architects,  an 
industry  analysis  firm  in  Washington,  D.C.  He  can  be  reached  at 
fdzubeck@commnetarch.  com. 
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Extend  the  power  of  your  network  with  the  most  adaptive  wireless  solution  from  the  leading  high-performance 

networking  company.  Foundry’s  integrated  wired  and  wireless  network  infrastructure  solutions  put  you  in  control.  Foundry's 
standards-based  dual-band  Iron  Point1'1  200.' is  a  full-featured  access  point  featuring  strong  security  with  dynamic  WEP.  Wl’A.TKIP, 
and  AES  data  encryption,  802.  IX  authentication,  and  user  access  control.  The  IronPoint  200  can  be  tightly  integrated  with  your 

Wired  infrastructure  using  wireless-enabled  Foundry  switches,  w  hich  offer  Power  over  Ethernet, 
Layer  3  roaming,  plug-and-play  installation,  and  advanced  security  features.  Foundry's  Iron  View" 
IronPoint— edition  network  management  system  provides  centralized  operations,  security  policy 
management.  RF  surveillance,  and  rich  reporting  capabilities.  Foundry's  wireless  solution  offers 
’  '  ***• " QT  the  performance  and  flexibility  you  need  with  integrated  Layer  2/3/4  switching  features 

unparalleled  in  the  industry.  Take  to  the  air.  and  get  the  freedom  of  mobility  today.  Call  Foundry 
'  ■  . at  1 .888.TUU.BOLAN  (1.888.887.2632)  or  visit  ww  w.foundrynetworks.com/tlight 
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C QAA  nff  Is  a  unified  WLAN  approach 
|  dbC^UI  I  better  than  an  overlay? 

Two  industry  insiders  debate  whether  Wi-Fi  should  be  deployed  as  an  extension  of  the  wired  LAN. 


Yes,  by  Vipin  Jain 


efore  embracing  a  particular  wireless  LAN  architecture,  buyers  should  con¬ 
sider  the  burdens  the  WLAN  will  place  on  the  enterprise  network,  including 
security  and  management  needs.The  best  way  to  stay  ahead  of  changes  in 
enterprise  networking  is  to  adopt  a  unified  solution  that  integrates  the  wire¬ 
less  and  wired  infrastructure  at  the  network  edge,  where  it  can  be  effectively 
managed  from  one  console. 

Adopting  this  unified  strategy  allows  you  to  upgrade  your  edge  switches  using  software 
while  buying  incremental  hardware  upgrades  as  needed  to  deal  with  future  scalability 
and  new  application  requirements.  Additional  edge  switches  are  easy  to  install  incremen¬ 
tally  This  unified  approach  to  broadband  provisioning  —  buying  for  now  as  well  as 
preparing  for  the  future  —  offers  the  most  flexibility  simplicity  and  scalability 
By  contrast,  an  overlay  approach  is  shortsighted  and  inflexible.lt  locks  customers  into 
an  inevitable  and  incessant  upgrade  cycle,  resulting  in  multiple  networks  that  are  difficult 
to  manage. These  upgrades  also  lack  complete  security  functions  and  necessary  levels  of 
reliability 

Many  companies  have  delayed  deployment  of  wireless  networks  because  they’re 
daunted  by  the  prospect  of  securing  and  operating  separate  networks  for  wired  and  wire¬ 
less  access.  In  an  overlay  scheme,  multiple  products  from  multiple  vendors  become  over¬ 
whelming.  Each  requires  specific  equipment,  which  accelerates  capital  and  operational 
costs,  to  address  management,  intrusion-protection  and  security  issues. 

The  unified  architecture  approach  to  an  integrated  wired  and  wireless  network  reduces 
capital  and  operational  expenditure  because  it  eliminates  the  need  for  costly  deploy¬ 
ment  of  core  and  edge  products.  For  example,  in  a  unified  environment,  access  points 
deliver  radio  frequency  functions  while  power, security,  access  control  and  policy  man¬ 
agement  are  done  directly  in  the  edge  switch.  Combined  with  centralized  networking 
intelligence,  this  level  of  simplicity  dramatically  increases  cost-effectiveness. 

Another  important  aspect  of  overall  WLAN  integration  is  security  The  compounding 
effect  of  new  applications  and  services,  new  employees,  new  equipment  and  new  kinds 
of  devices  can  turn  security  protocols  into  a  dizzying  maze. With  the  unified  architecture 
approach,  companies  can  use  existing  standards  and  provide  the  same  high  stan- 


No,  by  Keerti  Melkote 


ireless  networks  are  completely  different  from  their  wired  brethren 
and  should  be  treated  as  such.  Merely  adding  wireless  as  a  feature  to 
existing  wired  networks  quickly  turns  into  a  security  and  manage¬ 
ment  nightmare,  for  several  reasons: 

•  Wireless  networks  are  inherently  insecure.  Radio  frequency  waves 
penetrate  walls  and  flow  into  parking  lots.  Locking  the  RF  environment  is  essential  to 
maintaining  the  privacy  of  the  enterprise  network. That’s  only  the  beginning.  All  inte¬ 
gral  components  of  a  wireless  network  such  as  secure  user  authentication  strong 
encryption,  containing  wireless  intrusions  and  rogue  transmissions,  and  stateful  fire¬ 
walling  can’t  be  simply  bolted  onto  the  corporate  intranet. 

•  RF  spectrum  is  shared  and  dynamic.  Wi-Fi’s  unlicensed  spectrum  is  free  to  anyone 
for  any  application.  Other  radio  frequency  sources, such  as  neighboring  access  points 
and  cordless  phones,  can  cause  interference  problems.  Constant  real-time  monitoring 
and  radio  frequency  spectrum  management  is  required  to  combat  this  reality. Self-cali¬ 
brating  wireless  LAN  (WLAN)  capabilities  also  are  mandatory  for  operating  a  wireless 
network,  including  dynamic  channel  allocation  and  automatic  power  assignment,  inter¬ 
ference  detection  and  mitigation, self-healing  and  load  balancing.  Moreover,  sharing  the 
air  requires  the  use  of  new  quality-of-service  (QoS)  mechanisms  for  prioritizing  access 
to  the  medium  along  with  methods  that  minimize  jitter  and  maximize  battery  power  for 
handheld  devices.  Wired  networks  don’t  know  or  care  about  any  of  these  requirements. 
Trying  to  incrementally  add  them  disrupts  what  already  works. 

•  Wireless  networks  require  mobilityAn  enterprise  Wi-Fi  network  is  like  a  cellular  net¬ 
work  in  that  roaming  and  seamless  handoffs  are  an  implicit  expectation.  Like  a  cellular 
network  that  uses  the  IP  network  for  transport, so  should  the  WLAN.  An  enterprise  Wi-Fi 
user  can  roam  across  multiple  LAN  ports  and  multiple  wired  LAN  switches  in  the  net¬ 
work  while  staying  connected  to  the  network.  Ultimately  wired  networks  must  aggregate 
user  ports  and  deliver  wire-speed  transport  for  TCP/IP  traffic.  But  Wi-Fi  networks  need  to 
process  and  forward  traffic  based  on  user  identity  location  and  presence  while  delivering 
security  mobility  RF  spectrum  management  and  QoS  for  emerging  wireless  applications. 

Anchoring  the  wireless  network  to  a  wired  switch  artificially  limits  your  ability  to 


dards  for  security  intrusion  detection  and  prevention,  virus  quarantine,  resiliency 
and  quality  of  service  to  their  wired  and  wireless  infrastructure.  With  an  over¬ 
lay  approach  —  because  of  its  piecemeal  nature  —  companies  have  to  ^ 

deploy  redundant  technology  at  the  edge  as  well  as  in  the  core  with  overlay  * 

appliances,  and  manage  disparate  standards  and  protocols.This  opens  the 
network  to  more  security  risks. 

To  meet  future  requirements  and  to  support  diverse,  networked  devices  on  the 
network, a  unified  architecture  is  the  way  to  go.  It  cuts  total  cost  of  ownership  M0P6  Oflllnc! 
by  eliminating  security  deployment  and  operations  challenges.  Log  on  t0  NetW0li<  WoHd  Fusjon  t0  voice  your 


evolve  the  two  networks  independently  As  wireless  access  points  proliferate 
throughout  the  enterprise,  an  integrated  approach  requires  that  wired  edge 
switches  be  upgraded  throughout  the  network.This  can  be  expensive  com¬ 
pared  with  an  overlay  architecture  that  aggregates  wireless  intelligence  at  a 
centralized  point  with  thin  access  points  deployed  at  the  edge.Thin  access 
points  tunnel  wireless  traffic  transparently  over  the  wired  LAN  and  are  cen¬ 
trally  controlled  by  dedicated  wireless  switches.This  results  in  no  logical  or 
physical  changes  to  the  wired  LAN  and  is  more  secure,  less  disruptive 
and  more  cost-effective  than  the  unified  access  approach. 


Jain  is  vice  president  and  general  manager,  LAN  Access,  at  Extreme 
Networks.  He  can  be  reached  at  vipin@extremenetworks.com. 


opinion.  Face-off  authors  Vipin  Jain  and  Keerti 
Melkote  will  add  their  thoughts  to  the  discussion. 
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Melkote  is  co-founder  and  vice  president  of  product  marketing  at  Aruba 
Wireless  Networks.  He  can  be  reached  at  melkote@arubanetworks.  com. 
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Faster  than  the  speed  of  change. 

Be  nimble.  Be  quick.  HP  Integrity  Servers  are  capable  of  executing  one  million 
transactions  per  minute  and  built  to  run  multiple  operating  systems  simultaneously. 
Supported  by  Intel®  Itanium®  2  technology,  Integrity  is  the  most  powerful  line  of 
industry-standard  servers  available  today.  Providing  you  with  the  computing 
power  to  adapt,  evolve  and  change  faster  than  anyone,  anywhere,  at  any  time. 
www.hp.com/info/integrity 
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‘f’-  edge  interoperability  testing  that 

will  be  showcased  this  week  at 
St  NetWorld+Interop. 

yEafly  last  iiionth.  warehouse 
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...'^  somewhere  off  Route  101  between  San  Francisco  \v 

and  San  Jose,  dozens  of  network  engineers  ham-  '' 

mered  away  at  hundreds  of  products  tested  as  part  of 


For  more  than  a  decade.  iLabs  has  served  as  a  neutral  prov-  fgri-  W 
ing  ground  where  vendors  can  test  their  products  in  accor- 
dance  with  emerging  standards.  The  iLabs  team  prides  itself 
on  a  long  history  of  providing  an  honest  assessment  of  how  / 
useful  these  technologies  will  or  won’t  be  in  your  network.  As  vV  / 

the  media  sponsor  of  InteropNet  Labs,  Network  World  had 
exclusive  access  to  the  pre-stage  event  that  literally  sets  the 

stage  for  the  testing  demonstrations  showcased  on  the  trade-show  floor  this  week  in  Las  Vegas. 

The  three  focal  points  of  this  years  iLabs  endeavors  are: 

•  Interoperability  ofVoIP  products  using  Session  Initiation  Protocol  (SIP). 

•  Secure  wired  and  wireless  LAN  access  based  on  the  IETF’s  802.  IX  standard. 

•  Multi-protocol  Label  Switching  gear  that  supports  various  MPLS  VPN  technologies  and  new 
developments  in  IPv6/IPv4/MPLS  integration. 

We’ve  placed  Network  World  Lab  Alliance  partners  Joel  Snyder  on  the  SIP  team  (see  story  below) 
and  Rodney  Thayer  on  the  802.  IX  LAN  access  security  team  (see  story  page  64)  to  provide  a  closer 
look  at  the  state  of  those  two  standards.  Additionally  Network  World  Managing  Editor  Jim  Duffy  inter¬ 
viewed  three  of  the  MPLS  testers  (see  story7,  page  66). 


f  JOEL  SNYDER,  NETWORK  WORLD  LAB  ALLIANCE 


SIP  aces  basic  interop  tests 


We  didn’t  just  take  a  sip.  We  took  a  good  long  drink  of 
SIP  technology  in  this  round  of  iLabs  testing. 

We  gathered  more  than  50  devices  from  five  SIP  server 
vendors  and  13  SIP  endpoint  vendors  to  prove  that  multi¬ 
vendor  SIP  telephony  deployments  are  possible.  Our  results 
show  that  while  basic  SIP  interoperability  is  outstanding, 
advanced  features  such  as  call  forwarding  and  conferenc¬ 
ing  might  not  work  so  smoothly  between  all  SIP  devices. 


Protocol  simplicity  is  an  argument  in  favor  of  SIP  over 
the  more  complicated  H. 323  VoIP  standard. This  simplic¬ 
ity  minimized  interoperability  problems  and  made 
device  configuration  easy.  Compared  with  previous 
iLabs  tests  involving  H.323,  SIP  let  us  connect  more 
devices  to  more  servers  more  quickly. With  the  exception 
of  an  older  device  an  engineer  brought  from  his  own 
network,  all  SIP  endpoints  passed  our  basic  call  tests. 


Las  Vegas  2004 


Starting  from  scratch 

We  defined  our  telephony  environment  in  the  context 
of  a  midsize  company  wanting  to  build  a  SIP-based  VoIP 
system  from  the  ground  up.  Designing  a  VoIP  network  is 
much  like  designing  a  LAN:You  have  to  plan  all  aspects, 
from  numbering  of  phones  and  IP  addresses,  to  setting 
up  services  such  as  voice  mail  and  call  conferencing,  to 
enabling  voice  encoders,  to  naming  devices. 

One  of  the  first  VoIP  planning  steps  is  setting  up  the  dial 
plan  (see  “Dialing  for  VoIP  dollars,”  page  60)  that  defines 
how  long  phone  numbers  are,  how  gateways  to  the  public 
switched  telephone  network  (PSTN)  are  addressed  and 
how  the  internal  network  is  divided  between  SIP  servers. 

In  a  traditional  telephony  environment,  the  dial  plan  is 
built  into  the  PBX.  In  a  SIP  network,  the  dial  plan  has  to 
be  configured  on  all  phones  individually.  If  you  don’t 
program  the  dial  plan  into  the  phones,  end  users  will 
either  wait  for  the  phone  to  “time  out”  when  dialing  or  hit 
a  terminator  character  (the  pound  sign  is  common) 
when  they’re  done  to  get  the  phone  to  dial  (like  hitting 
“send”  on  a  cell  phone). 

Because  of  the  expanse  of  our  SIP  test  bed,  we  had  a 
fairly  complex  dialing  plan  and  found  that  not  every 
phone  could  support  that.  On  our  network,  users  could 
dial  phone-to-phone  with  a  four-digit  extension.  But  to 
dial  through  to  the  PSTN,  Interop’s  eNet  or  Free  World 
Dialup  SIP  service,  they’d  use  single-digit  prefixes, such  as 
“9,”  followed  by  a  number  on  the  other  network.  A  num¬ 
ber  of  SIP  endpoints  couldn’t  handle  that  much  flexibili¬ 
ty  With  those  phones,  we  put  in  a  maximum  number  of 
digits  —  19,  to  be  exact  —  and  use  timeouts  or  termina¬ 
tors  when  dialing.  It’s  hard  to  say  whether  this  is  an  inter¬ 
operability  problem  or  just  poor  design. 

With  dialing  plan  in  hand,  we  installed  the  five  SIP  proxy 
servers,  open  source  Asterisk  (from  Digium)  and  SIP 
Express  Router  (SER,  from  iptel.org),  and  commercial 
products  from  Avaya,  Cisco  and  Nortel.  Each  SIP  server 
had  to  support  a  number  of  phones  and  be  able  to  send 
calls  to  the  other  SIP  servers.  We  took  the  40-plus  phones 
and  assigned  each  to  one  of  the  SIP  servers  (see  graphic, 
page  62)  so  that  each  phone  registered  with  only  one  SIP 
server  and  that  server  was  responsible  for  routing  any  SIP 
calls  for  that  phone. 

When  we  achieved  100%  interoperability  between  SIP 
servers  using  direct  dialing,  we  threw  a  monkey  wrench 
into  the  works  by  adding  an  Enum  dialing  test.  An  inter¬ 
national  proposal  on  how  to  link  the  Internet  VoIP  and 
PSTN  worlds  together  using  DNS  Enum  currently  is  mired 
in  political  infighting  in  the  U.S.  However,  the  concept  of 

See  SIP,  page  60 


HP  Integrity  servers  are  taking  off,  as  are  the  companies  using  them. 
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Companies  adopting  HP  Integrity  servers,  powered  by  industry-leading  Intel  Itanium  2  processors,  are  seeing 

remarkable  gains  in  performance.  The  momentum  is  building.  One  after  another,  companies  are  choosing  HP  Integrity  servers.  Leading  software 
and  technology  partners  such  as  BEA,  Microsoft®  Oracle,  SAP  and  Siebel  Systems  have  embraced  the  platform  as  an  industry  standard.  And  with  the  ability 
to  manage  a  mixed  environment  of  UNIX,  Microsoft"  Windows®  Linux  and  OpenVMS,  HP  Integrity  servers  are  fast  becoming  the  ultimate  consolidation  tool. 
Demand  maximum  performance,  reliability  and  cost-efficiency  now,  on  a  platform  that  will  carry  you  forward  into  the  future.  Demand  performance  that's 
real-world  proven,  and  get  it— with  HP  Integrity  server  solutions. 


Choosing  HP  Integrity  servers,  choosing  results. 


AIRBUS  UK: 

Running  HP-UXlli 
on  HP  Integrity  servers, 
20-30  wing  design 
simulations  that  used 
to  take  weeks  are 
now  done  overnight. 


COMPUSA: 

Going  with  64-bit 
architecture  using  HP 
Integrity  servers,  they 
cut  access  time  to 
inventory  data  by  up 
to  85%. 


FIAT  AUTO: 

Standardizing  on  64-bit 
infrastructure  using  HP 
Integrity  servers,  they're 
integrating  and  enhancing 
sales  and  service  as  well 
as  streamlining  the  buying 
process  while  lowering 
sales  cost. 


THE  KOEHLER  GROUP: 

Moving  to  an  environment 
composed  of  HP  Integrity 
servers,  they  gained 
a  50%  improvement  in 
mission-critical  performance. 
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To  get  the  IDC  white  paper  outlining  the  performance  of  HP  Integrity  servers  with  Intel  Itanium  2 
processors,  go  to  hp.com/go/demandlntegrity6  or  call  1-800-282-6672,  option  5,  mention  code 
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Enum  can  be  applied  at  the  enterprise 
level  in  a  private  DNS  tree.  For  the  SIP 
servers  that  supported  Enum  —  Asterisk 
and  SER  —  it  worked  well. 

Once  we  had  basic  connectivity  work¬ 
ing,  we  dumped  all  the  phones  on  the  dif¬ 
ferent  SIP  servers  to  test  interoperability 
within  each  SIP  server. We  had  a  few  prob¬ 
lems  getting  the  phones  installed  as  the 
number  of  them  stressed  our  team  from  an 
installation  and  a  testing  standpoint. 

Most  of  the  phones  we  tested  were  SIP 
"hard  phones,” generally  managed  using  a 
Web-based  interface.  We  installed  phones 
from  Avaya,  Cisco,  Grandstream  Networks, 
ipDialog,  Pingtel,  Fblycom,  Pulver  Inno¬ 
vations,  Siemens  and  Snom  Technology 
We  also  tested  soft  phones  from  Xten  on 
Windows  and  Mac  OS  X  platforms,  and 
FXS  gateways  (see  “SIP  terms,”  right)  from 
AudioCodes,  Cisco,  D-Link  Systems,  MIP 
Telecom  and  Multi-Tech  Systems. 

When  it  came  to  simply  calling  from 
phone  to  phone  through  the  same  SIP 
proxy  server,  we  achieved  nearly  100% 
interoperability  Of  the  230  test  cases,  only 
seven  were  not  resolved  by  some  reconfig¬ 
uration  in  our  testing, coming  down  to  two 
very  specific  combinations  of  phone  plus 


SIP  proxy  (ipDialog  phone 
on  SER  SIP  proxy  and 
Fblycom  phone  on  Avaya 
SIP  proxy). The  most  com¬ 
mon  problem  we  saw  was  phones  that 
connected  to  each  other,  but  didn’t  have 
audio  reception. 

This  success  doesn’t  mean  that  every¬ 
thing  behaved  perfectly  We  ran  into  some 
problems, such  as  calls  that  wouldn’t  com¬ 
plete  and  phones  that  didn’t  ring,  which 
disappeared  when  phones  were  rebooted 
or  calls  were  redialed. 

Our  single-application  VoIP  network 
comprised  a  dedicated,  lOOM-byte 
switch  port  to  each  device.  We  discov¬ 
ered  that  the  VoIP  network  was  extraordi¬ 
narily  sensitive  to  small  perturbations  in 
topology. We  were  forced  to  make  several 
adjustments  to  DNS  and  Dynamic  Host 
Configuration  Protocol  services  after  dis¬ 
covering  that  many  of  the  SIP  phones  do 
not  have  the  same  tolerances  for  differ¬ 
ent  TCP/IP  network  designs.  For  example, 
our  Cisco  phones  would  occasionally 
fail  to  complete  calls  when  DNS  requests 
went  through  a  router, but  behaved  when 
we  added  a  non-routed  path  to  the  DNS 
server. 

One  very  basic  interoperability  failure, 
however,  was  a  complete  surprise.  We 

See  SIP,  page  62 
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Session  Initiation 
Protocol  is  a  control 
protocol  for  multimedia 
sessions.  Although  most  SIP  software 
and  hardware  are  designed  for  the 
simple  case  of  VoIP  telephony,  SIP  is 
actually  a  generic  protocol  that  can  be 
used  to  create  multimedia  confer¬ 
ences  with  voice,  video  and  other 
datastreams  (such  as  instant-messag- 
ing-type  applications).  SIP 
doesn’t  actually  transfer 
any  of  the  voice  or  video 
data.  Instead,  SIP  is  used 
to  set  up  a  session,  and 
another  protocol  (Real¬ 
time  Transport  Protocol, 
in  the  telephony  case)  is 
used  to  send  the  voice. 

Endpoints,  also  called 
user  agents,  are  the 
phones  of  the  SIP  world. 

Anything  that  sits  at  the  other  end  of  a 
SIP  session  is  considered  an  endpoint. 
For  example,  a  voice  mail  system  acts 
as  an  endpoint.  The  most  common  SIP 
endpoint  is  going  to  be  a  hard  phone:  a 
box  that  looks  a  lot  like  the  phone  on 
your  desk,  but  with  an  Ethernet  port 
instead  of  a  two-wire  analog  phone  line 
coming  out  the  back.  Hard  phones  run 
SIP  software,  have  IP  addresses  and 


thing  with  two  wires  to  which  you  con¬ 
nect  a  telephone.  The  FXS  gateway  is 
essentially  a  box  that  has  an  Ethernet 
port  on  one  side,  a  two-wire  analog 
telephone  jack  on  the  other,  and  SIP 
running  in  between.  FXS  gateways, 
such  as  the  Cisco  ATA-186  or  the 
Multi-Tech  MVP210,  have  become  very 
popular  in  residential  VoIP  systems 
because  they  let  you  hook  your  existing 
analog  phones  to  the  digital 
SIP  network. 

SIP  servers  are  sys 
terns  that  help  phones  talk 
to  each  other  (and  other 
endpoints).  Technically, 
there  is  no  such  thing  as  a 
SIP  server.  Because  SIP  is 
a  decentralized  protocol, 
the  traditional  PBX  has  no 
direct  VoIP  equivalent. 
Phones  can  and  do  talk 
directly  to  each  other  for  call  control 
and  voice  traffic,  and  functions  such 
as  directory  services  and  call  control 
can  be  highly  distributed.  This  makes 
it  difficult  to  know  what  to  call  a  sys¬ 
tem  that  does  provide  PBX-like  SIP 
services,  because  a  server  might  have 
a  combination  of  registration  ser¬ 
vices,  call  redirection  and  call  control 
functions.  Where  the  exact  function 


SIP 

terms 


All  telephony  networks  require  a  dial  plan 
that  describes  what  happens  when  you 
dial  which  numbers.  In  the  U.S.,  for  exam¬ 
ple,  we  participate  in  the  North  American 
Numbering  Plan,  which  is  why  we  put  a  "011" 
before  international  calls  and  "1"  before  an 
area  code  and  phone  number.  These  kinds  of 
things  are  all  specified  in  a  dial  plan. 

When  the  iLabs  engineers  sat  down  to 
design  our  dial  plan,  we  didn’t  realize  that  we'd 
almost  come  to  blows  over  the  details.  But,  like 
all  human  interface  issues,  how  many  digits  you  have  to  dial,  and  what  they 
mean  tend  to  elicit  strong  feelings. 

One  example  of  the  problem  came  when  we  debated  how  people  were 
going  to  leave  the  world  of  our  little  PBX  and  connect  to  the  rest  of  the  tele¬ 
phony  universe.  Half  of  the  team  wanted  to  use  the  traditional  “dial  9  to  get 
out”  strategy,  while  the  other  half  wanted  to  simply  let  you  pick  up  a  phone 
and  start  dialing. 

There  are  pros  and  cons  to  each  approach.  For  example,  if  you're  in  an  area 
where  you  always  have  to  dial  the  area  code  for  any  phone  number  anyway,  a  "9" 
access  code  is  not  needed.  On  the  other  hand,  if  you’re  transitioning  from  a  legacy 
PBX  (with  a  "dial  9"  policy)  to  a  SIP  network,  the  transition  might  be  easier  if  the 
dialing  plan  is  the  same  —  even  if  there's  no  need  for  the  extra  digit. 

There’s  more  to  a  dialing  and  numbering  plan  than  that.  In  our  test  network, 
we  didn’t  know  how  many  SIP  proxy  servers  we  were  going  to  end  up  with,  so 
we  used  the  first  two  digits  of  each  of  our  four-digit  extension  numbers  to  route 
the  call  to  a  particular  proxy  server,  reserving  two  digits  for  the  phones.  By 
routing  calls  based  on  the  first  few  digits  dialed,  we  didn't  have  to  make  every 
server  know  about  every  phone,  just  about  every  other  server. 

When  you  have  to  connect  to  a  legacy  PBX,  especially  during  a  transition  per¬ 
iod,  the  dialing  plan  also  helps  to  minimize  confusion. 

The  diai  plan  is  programmed  into  the  logic  of  every  SIP  proxy  server  in  the 
network,  and  also  is  pushed  out  (to  some  extent)  to  each  phone.  Phones  don't 
need  to  know  about  call  routing,  but  they  do  need  to  know  how  long  phone  num- 


need  a  fairly  hefty  and  complex  config¬ 
uration  to  survive.  In  addition  to  hard 
phones,  two  other  important  kinds  of 
endpoints  in  SIP  are  analog  telephone 
adapters  (also  called  FXS  gateways) 
and  soft  phones. 

Soft  phones  are  simply  software 
versions  of  the  SIP  phone,  typically 
designed  to  be  installed  on  a  PC, 
Macintosh  or  PDA.  With  a  soft  phone 
and  an  Inexpensive  headset,  you  can 
turn  your  $3,000  laptop  into  the  SIP 
version  of  a  $10  phone. 

An  FXS  gateway,  or  analog  tele¬ 
phone  adapter  (often  written  as  analog 
telephone  adapter),  is  a  device  that  lets 
normal  two-wire  telephones  be  con¬ 
nected  to  a  SIP  network.  FXS  stands 
for  "foreign  exchange  station"  and  is 
an  old  telephony  acronym  used  to 
describe  what  most  of  us  consider  a 
plain  old  telephone  service  line:  some- 


isn’t  important,  the  term  “SIP  server" 
has  come  into  common  use. 

The  two  most  common  types  of  SIP 
servers  are  the  registration  server 
and  the  proxy  server  A  registration 
server  receives  and  collates  informa¬ 
tion  about  phones,  helping  to  map 
from  SIP  addresses  (such  as  an 
extension  number  or  a  SIP  URL)  out 
to  IP  addresses. The  proxy  server  nor¬ 
mally  receives  incoming  and  outgoing 
call  requests  on  behalf  of  a  phone. 

This  lets  the  more  sophisticated 
tasks,  such  as  ringing  multiple 
phones,  dealing  with  DNS  and  Enum, 
or  accounting,  be  pushed  out  to  the 
proxy  server,  making  the  phone  sim¬ 
pler,  faster,  easier  to  manage  and  less 
expensive.  In  many  VoIP  networks,  the 
proxy  server  and  registration  server 
are  the  same  system, 

—  Joel  Snyder 


bers  are.  This  is  because  the  phone  decides  when  enough  digits  have  been 
pressed  and  it’s  time  to  actually  make  the  call,  not  the  PBX,  as  in  traditional 
telephony. 

Phones  without  a  properly  configured  dial  plan  either  require  a  terminator 
(such  as  the  pound  symbol)  or  a  timeout  (such  as  waiting  for  4  or  5  seconds) 
before  they  actually  start  calling.  Some  phones  support  a  "plan-less'’  mode  of 
operation  where  they  try  to  make  a  call  for  every  digit  dialed,  depending  on  the 
SIP  proxy  server  to  return  different  status  codes,  depending  on  whether  the 
partial  number  is  illegal  or  just  too  short.  In  a  large  deployment,  the  phone  would 
download  the  dial  plan  as  part  of  its  configuration  at  boot  time. 

Designing  the  dial  plan  is  an  important  part  of  any  SIP  deployment  because 
changing  it  requires  changing  every  SIP  device  in  the  network.  Just  as  engineer¬ 
ing  a  proper  IP  address  and  subnet  plan  is  important  in  a  TCP/IP  network,  get¬ 
ting  the  dial  plan  right  the  first  time  can  save  a  lot  of  grief  and  problems  later. 

—  Joel  Snyder 
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Leading  the  battle  against  network  threats  takes  remarkably  sophisticated  weaponry. 
Only  Juniper  Networks  can  make  your  network  impenetrable  without  sacrificing  speed  or 
reliability.  Superior  performance  shouldn’t  be  at  the  expense  of  security,  but  the  essence  of  it. 
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hooked  an  Adtran  channel  bank  — 
which  takes  a  multiplexed  phone  line, 
such  as  a  T-l,  and  breaks  it  out  to  its  24 
individual  lines  for  connection  to  tradi¬ 
tional  analog  telephony  devices  —  to  a 
Digium  T-l  card  to  provide  some  analog 
phone  lines  to  connect  to  phones  and  to 
the  PSTN.  Unfortunately,  the  channel  bank 
didn’t  mix  well  with  the  inexpensive  ana¬ 
log  speaker  phones  we  purchased  for  the 
test  lab.  We  managed  to  make  two  of  the 
phones  unusable  before  we  realized  what 
was  happening. 

Features  cry  foul 

Simply  making  calls  is  only  part  of  the 
picture  for  an  enterprise  VoIP  deploy¬ 
ment.  We  also  were  interested  in  features, 
such  as  call  transfer,  that  would  further 
stress  the  interoperability  of  SIP  phones 
and  our  SIP  proxy  servers  a  little  more. 

Testing  these  features  is  easy,  but  decid¬ 
ing  where  the  problem  lies  when  they 
don’t  work  is  not.To  help  us  in  this  analy¬ 
sis,  we  depended  heavily  on  EtherPeek 
NX  from  WildPackets  and  the  VoIP-centric 
ClearSight  Analyzer  from  ClearSight  Tech¬ 
nology.  We  were  particularly  impressed  at 
ClearSight's  ability  to  record  a  VoIP  call 
and  play  it  back,  a  feature  that  helped  us 
debug  voice  quality  problems. 

Because  many  features  are  built  into  the 
phone,  rather  than  into  the  SIP  proxy 
server,  there’s  no  one  place  on  the  network 
to  look  for  feature  support.  Some  features, 
such  as  call  transfer,  also  suffer  from  a  lack 
of  standard  nomenclature  across  vendors. 
For  example,  when  some  vendors  mention 
call  transfer,  they  mean  “blind  transfer^’ 
where  the  call  is  simply  sent  from  one 
phone  to  the  other.  Others  mean  “consulta¬ 
tive  transfer’’  where  the  person  doing  the 
transferring  speaks  first  and  says  what  is 
happening.  These  are  pretty  simple  in  tra¬ 
ditional  telephony  but  are  radically  differ¬ 
ent  operations  in  the  VoIP  world. 

Where  the  VoIP  community  hasn’t 
reached  agreement  on  strategies,  we  also 
found  interoperability  problems.  For  exam¬ 
ple,  there  are  several  options  on  how  to 
send  dual-tone  multifrequency  (DTMF) 
tones  —  the  tones  you  hear  while  dialing 
the  phone  —  over  a  VoIP  network.You  sim¬ 
ply  can  send  the  DTMF  tones  in-band  over 
the  data  path  as  tones,  or  you  can  use  the 
RFC  2833  format  to  send  a  special  payload 
that  tells  the  other  end  that  a  DTMF  tone  is 
being  generated.We  used  the  RFC  2833  for¬ 
mat,  which  is  more  robust,  and  found  two 
curious  combinations  of  phone  and  SIP 
proxy  combinations  —  the  WiSIP  phone 
on  Asterisk  SIP  proxy  and  the  Siemens 
phone  on  Avaya  SIP  proxy  —  where  it 
didn’t  work  properly  These  were  phones 
that  worked  correctly  on  other  SIP  proxy 
servers,  and  SIP  proxy  servers  that  worked 
correctly  with  other  phones,  so  we  could 
not  determine  which  end  was  the  source 
of  the  problem. 

In  testing  our  other  enterprise  features, 


including  call  hold  and 
retrieve,  call  transfer, 
multi-line  calling  and 
receiving,  call  forwarding 
and  conferencing,  we  ran  into  the  same 
kind  of  variability:  Many  things  worked, 
but  we  had  a  much  lower  success  rate 
than  with  simple  calling. 

In  some  cases,  we  could  see  the  culprit 
pretty  easily  For  example,  no  call  transfer 
across  SIP  proxy  servers  involving  the 
Asterisk  SIP  proxy  worked,  pointing  the 
finger  pretty  strongly  at  Asterisk.  We  also 
saw  repeated  failures  in  call  transfers 
involving  Siemens  phones  and  multiple 
SIP  proxy  servers. 

PSTN  and  firewalls 

One  of  our  goals  was  to  show  how  an 
enterprise  SIP  network  could  be  con¬ 
nected  to  the  PSTN  directly  over  the 
Internet  using  a  telephony  service 
provider.  Free  World  Dialup,  a  no-cost  SIP 
network  that  has  connections  to  several 
PSTN  service  providers,  built  a  link  to  the 
iLabs  SIP  network.  Voicepulse.Vonage  and 
Packet8,  three  other  commercial  telepho¬ 
ny  service  providers  using  SIRdeclined. 

The  Free  World  Dialup  link  showed 


another  SIP  interoperabil¬ 
ity  issue  in  bold  letters: 
security  We  initially  pro¬ 
tected  our  SIP  test  bed 
using  a  Check  Fbint  firewall,  its  latest  and 
greatest  version  of  Firewall-1,  which  in¬ 
cludes  a  SIP  proxy  as  part  of  the  basic  unit. 
Using  a  fairly  general  model,  the  Firewall-1 
SIP  gateway  knows  about  SIP  proxy  servers 
and  SIP  signaling  and  can  use  information 
on  a  proxy-to-proxy  connection  to  let  two 
phones  talk  directly  to  each  other. 

Unfortunately,  a  worldwide  network  like 
Free  World  Dialup  isn’t  constrained  very 
well  because  any  system  on  the  Internet 
can  participate.  That  vagueness  meant 
that  Firewall-1  s  advanced  SIP  capabilities 
weren’t  much  use  to  us.  Even  if  you 
weren’t  connecting  one  enterprise  SIP 
network  to  another  company  you’d  run 
into  similar  problems  if  you  let  end  users 
take  soft  phones  or  hard  phones  on  the 
road  with  them.  A  stronger  authentication 
measure,  such  as  an  IPSec  VPN  tunnel, 
would  probably  be  necessary 
We  also  integrated  an  Intertex  1X66  SIP 
firewall  in  to  our  test  network  between  a 
Polycom  phone  and  an  Asterisk  SIP  proxy 
server  without  any  changes  in  interoper¬ 


ability  or  feature  support. 

Doing  your  own  testing 

We  pinpointed  several  areas  where 
additional  SIP  testing  is  needed.  One  is 
voice  quality.  Some  SIP  devices,  such  as 
the  AudioCodes  FXS  gateway,  were  tuned 
to  work  best  across  a  low-latency  network 
like  a  Fast  Ethernet  LAN.  When  we  used 
the  AudioCodes  gateway,  there  was  no 
noticeable  latency  on  VoIP  calls.  At  the 
other  end  of  the  spectrum  were  the  soft 
phones  from  Xten,  the  Windows  and  Mac 
versions  of  X-Pro.With  Xten,  the  combina¬ 
tion  of  the  latency  introduced  by  our  test 
laptops  and  tuning  aimed  at  calls  over  the 
wide-area  Internet,  introduced  a  very  dis¬ 
tinct  delay  into  our  calls. 

Most  SIP  hard  and  soft  phones  and  gate¬ 
ways  let  you  tune  the  audio  jitter  to  meet 
the  performance  characteristics  of  your 
network.  In  testing  for  an  enterprise 
deployment,  human  factors  such  as  jitter 
management  and  appropriate  delay  are 
important  considerations. 

Snyder  is  a  senior  partner  at  Opus  One  in 
Tucson,  Ariz.  He  can  be  reached  at  joel. 
snyder@opus  1 .  com. 
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Testing  SIP  interoperability  on  a  large  scale 

The  iLabs  team  built  an  extraordinary  network 
comprising  more  that  40  endpoints  from  15  vendors 
to  stretch  the  reach  of  their  interoperability 
scenario.  While  a  corporation  likely  would 
narrow  the  field  of  devices  in  its 
deployment,  the  iLabs  testing  shows 
that  basic  SIP-based  calling  and  some 
enterprise  features  such  as  call  transfer 
and  conferencing  are  indeed  inter¬ 
operable  if  your  network  is  ready  for 
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Auto  Tracking  Feature 
in  all  models 


High  speed  economical 
transmission  up  to  1.25Gbps 

Provides  High-quality,  reliable 
wireless  communications 
up  to  2km  with  Auto  Tracking 

Requires  no  radio  frequency 
allocations,  permits  or  licenses 

Highly  secure  data  links 

Protocol  independent,  like 
fiber  optic  cable 

Installation  and  operating  cost 
are  much  lower  than  installing 
fiber  optic  cable 
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CANOBEAM  COMBINES  HIGH-TECH  WITH  LOW  PRICES 


CANO  BE  Am 

DT-100  Series, 


•  Economical  FSO  for  data 
transmission  from  20m  to  500m 

•  Wide  range  of  data  speeds  from 
25Mbps  to  156Mbps 

•  Auto  Tracking  Feature 

•  DT-MNG100,  Management  Board 
built-in 


Provides  high-quality,  reliable 
wireless  communications  from 
100m  to  2km 

Wide  range  of  data  speeds  from 
25Mbps  to  156Mbps 

Auto  Tracking  Feature 

DT-MNG100;  Management  Board 
built-in 


•  State-of-art  data  transmission  at 
1.25Gbps  for  Gigabit  Ethernet  network 

•  Transmission  distance  from  100m 
to  1000m 

•  3R  Function  (Re-shaping,  Re-timing, 
Re-generating) 

•  Auto  Tracking  Feature 

•  DT-MNG100,  Management  Board  built-in 


Find  out  more  at  c anobeam.com 


1-800-321-4388  (Canada:  905-795-2012) 
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ndors  hit  the  802.1X 
ark  for  access,  but 
security  holes  remain 


While  previous  iLabs  security-based  test¬ 
ing  focused  strictly  on  how  the  IEEE  802.  IX 
authentication  standard  helped  lock  down 
wireless  LAN  connections,  this  year’s  test¬ 
ing  also  spanned  the  wired  world. 

The  protocol  has  matured  and  vendors 
have  expended  a  great  deal  of  effort  into 
building  products  —  which  in  this  test 
include  client-side  software,  wireless 
access  points,  wired  switches  and 
authentication  servers  —  around  this 
standard.  However,  this  year’s  testing 
demonstrates  that  some  offerings  based 
on  802. IX  stiil  have  a  ways  to  go  before 
we  could  recommend  them  as  enter¬ 
prise-class  security  products. 

The  products  do  implement  802.  IX,  but 
in  most  cases  it’s  going  to  take  a  very 
skilled  network  technician  to  configure 
802.  IX  products  across  any  large  deploy¬ 
ment.  It  also  seems  that  attention  to  imple¬ 
menting  802.  IX  has  distracted  vendors  for 
hitting  on  other  security  standards  such  as 
in  digital  certificate  processing,  manage¬ 
ment  interface  security  and  event  logging. 
These  non-802.1X  issues  could  affect 


802. IX  deployment  overall. 

Where  to  begin? 

In  the  802. IX  world,  a  client  is  referred 
to  as  a  supplicant. The  device  it  connects 
to  is  an  authenticator.  Behind  the  authen¬ 
ticator  is  an  authentication  server  that 
maintains  a  client/server  relationship 
with  the  authenticator. 

We  used  supplicant  software  running  on 
PCs  and  Macintosh  machines  connecting 
to  wireless  access  points  or  wired  switch¬ 
es,  with  RADIUS  servers  providing  authen¬ 
tication.  The  supplicants  tested  were  from 
Cisco,  Funk  Software,  Meetinghouse 
Communications,  Microsoft  and  the  open 
source  implementation  Open  lx.  Wireless 
gear  vendors  represented  were  Broadcom, 
Cisco,  Extreme  Networks,  Proxim,  Symbol 
Technologies  and  Trapeze  Networks. 
Participating  wired  switch  vendors  includ¬ 
ed  Cisco,  Extreme  and  HPStepping  up  with 
802.1X-compliant  RADIUS  implementa¬ 
tions  were  Cisco,  Infoblox,  Funk, 
Meetinghouse,  Microsoft,  Radiator,  Roving 
Planet  and  open  source  FreeRADIUS. 


In  last  year’s  testing,  we 
examined  the  various 
protocol  options  for  auth¬ 
entication  including 
Protected  Extensible  Authentication 
Protocol  (PEAP)  and  Tunneled  Transport 
Layer  Security  (TTLS),  which  use  server 
certificates,  and  TLS,  which  uses  client 
and  server  certificates  (see  www.nwfu- 
sion.com,  DocFinder:  1831). 

This  year  we  focused  on  testing  typical 
combinations  of  the  three  components 
(supplicant,  authenticator  and 
authentication  server)  to  determine 
if  the  various  components  could 
authenticate  correctly,  connect  to 
the  network  and  display  a  Web  page 
running  on  a  test  server. 

We  concluded  that  the  basic  inter¬ 
operability  battles  were  over. 
Vendors  now  are  shipping  802.  IX- 
capable  devices,  in  both  the  wireless 
and  wired  cases.  Most  implementa¬ 
tions  were  able  to  simply  plug  in 
and  interoperate.  There  were  cer¬ 
tainly  some  bugs  uncovered, such  as 
problems  with  digital  certificates, 
and  problems  connecting  certain 
authenticators  (switches)  to  some 
RADIUS  servers,  but  no  more  than  you’d 
find  in  any  other  new  set  of  products  that 
were  thrown  together. 

Tell  me  again  why  I  would  care 
now? 

We’ve  been  reporting  on  802.  IX  as  an 
emerging  security  technology  for  three 
years.  But  we’re  arguing  that  network  pro¬ 
fessionals  should  pay  attention  now 
because: 

•  Wireless  access  control.  With  802.  IX 
in  its  current  state,  we  finally  are  seeing 
the  standards  process  offer  a  set  of  tech¬ 
nically  sound,  secure  access  control 
mechanisms.  This  will  continue  to 
improve  the  options  available  to  control 
and  secure  wireless  (and  wired)  net¬ 
works. 

•  Strong  cryptography  standards. 
802.  IX  is  part  of  the  IEEE’s  ongoing  activ¬ 
ities  to  make  sure  that  networks  can  be 
secured.  As  802.1  li  —  which  specifies  a 
safer  keying  mechanism  with  Temporal 
Key  Integrity  Protocol  (TKIP)  to  replace 
Wired  Equivalent  Privacy  (WEP),and  use 
of  Advanced  Encryption  Standard  (AES) 
for  encryption  —  becomes  available,  we 
will  finally  be  able  to  have  authenticated 
networks  that  use  generally  accepted 
strong  cryptographic  algorithms. 

•  Fine  grained  LAN  access  control.  The 
deployment  of  802.  IX  will  lay  the  ground¬ 
work  for  future  security  mechanisms  — 
like  being  able  to  stop  denial-of-service 
attacks  by  blocking  network  access,  or 
limiting  network  access  to  properly 
scanned  workstations  —  to  control  net¬ 
work  access  on  a  user-by-user  and  port- 
by-port  basis.  This  will  mean  that  in  the 
near  future  you  will  be  able  to  better 
manage  network  repairs  if  you  have  virus 
or  worm  outbreaks  and  have  to  shut  off 
selected  sections  of  your  network. 


That  said,  we’ve  pinpointed  several 
issues  that  can  complicate  the  use  of 
802.  IX,  including  ease  of  use,  end-user 
mobility  and  component  compatibility 
within  the  client  machine. 

Ease  of  use  issues  arising  around  802.  IX 
implementations  exhibit  the  same  class 
of  problems  we’ve  encountered  with 
technologies  such  as  IPSec  in  the  past. 
Adding  802.  IX  support  to  your  network 
means  you  have  a  new  set  of  complex 
user  interface  screens  with  user-unfriend¬ 


ly  terms  such  as  TKIP  and  TTLS.  Few,  if  any, 
supplicant  vendors  have  made  the  user 
interface  easy. 

Microsoft’s  supplicant  uses  multiple 
windows  buried  behind  the  “Network 
Connections”  control  panel  to  configure 
802. IX.  Cisco’s  supplicant  uses  its  own 
multi-screen  user  interface  and  then  still 
requires  you  to  configure  the  Microsoft 
supplicant  on  top  of  it.  Additionally,  most 
of  the  supplicants  don’t  support  diagnos¬ 
tic  logging,  making  troubleshooting  diffi- 
cult.Together,  these  things  can  mean  high 
deployment  costs. 

Mobile  users  of  laptop  computers  or 
wireless  handheld  devices  will  want  to 
travel  between  802. IX  domains.  However, 
you  have  to  be  careful  to  configure  the 
802.  IX  supplicant  software  to  allow  this. 
Some  implementations  disable  by  default 
those  portions  of  the  Microsoft  driver 
components  so  that  you  can  no  longer 
access  an  open  wireless  access  point  like 
you  find  at  many  Wi-Fi  hot  spots.  This 
rigidity  won’t  work  if  you  have  users  who 
take  their  notebook  computers  from  the 
office  where  they  use  a  802.1X-enabled 
wireless  access  point  to  coffee  shops  or 
other  environments  that  typically  don’t 
use  802. lx.  In  this  example,  those  users 
would  be  denied  access  the  Internet. 

The  802. IX  supplicant  introduces  yet 
another  link-layer  protocol  processing 
component  into  client  machines.  This  is 
an  area  where  the  technology  is  complex 
and  delicate  and  errors  occur  when  tech¬ 
nologies  are  mixed.  Combining  802.  IX 
supplicants,  virus  scanning,  personal  fire¬ 
walls,  and  VPN  client  software  into  one 
end  user  machine  can  be  a  daunting 
debugging  task. 

What  is  missing? 

All  supplicants  and  all  authentication 

See  Security,  page  66 


Is  it  time  to  go 
shopping  for  802.1 X? 


There  are  some  802. IX  products  that  might  be  |§| ||iL 

ready  for  your  enterprise  deployment.  To  help  — r 

ascertain  which  products  they  might  be,  Network 
World  Lab  Alliance  and  iLabs  team  member  Rodney 
Thayer  proposes  the  following  questions  be  asked  of 
•  the  vendors  you're  considering  at  this  juncture. 

1.  What  is  the  per-seat  cost  of  deploying  supplicant 
software?  Will  I  need  to  reload  the  operating  sys¬ 
tem  to  get  the  supplicant  to  work? 

2.  How  does  the  802. IX  implementation  support  roam¬ 
ing  users? 

3.  Are  the  new  features  in  the  client  and  the  access  points  implemented 

-securely  beyond  the  802. IX  specifications?  For  example,  do  they  properly 
process  certificates?  ,  , 

■  '4.  Are  the- new  features  in  the  access  points  implemented  in  a  resilient  fash¬ 
ion?  Gan  you  specify  at  least  two  RADIUS  servers  when  you  configure  802. IX? 

. ;  5.  Are  there  secure  mechanisms  available  to  manage  these  access  security 
devices?  For  example,  can  you  use  “https"  to  access  the  Web  interface  on  the 
.  tireless  access  ppirit? 

6il  Are  the  access  points  and  RADIUS  servers  generating  logs?  Can  you  con- 
L  .  figure  these  to  send  their  logs  to  an  external  log  server  or  SEM?  If  someone 
■■  'were  to  attempt  to  gain  access  with  802. IX  in  place,  would  there  be  a  record?  If 
■  sOmeotie  fails  to  log  on  over '802. IX.  does  that  logon  failure  generate  an  event? 


I  •  - 


With  802.1x  in  its  current 
state,  we  are  finally  seeing  the 
standards  process  offer  a  set 
of  technically  sound,  secure 
access  control  mechanism.” 


lllUSTRATlON  S  ff 


SAUER 


•'■■■5  v;v.  . 

%'£■  ;V: 
" 

‘i  ■  i  Sv®gP® 

.  •  . .  ,A.‘  ' 


A  totally  integrated  network  vision  solution 

At  the  speed  of  sight. 


r 


YOUR  EXISTING  TOOLS 


Our  new  OptiView  Network  Analysis  Solution 


integrates  packet  capture,  statistical  analysis 


and  network  discovery  so  you  can  see  your  entire 


enterprise  in  one  amazing  view,  fast.  No  need  to 
open  multiple  applications.  It's  all  right  there  before 
your  eyes,  on  one  console.  It  even  integrates  your 


tools  from  other  vendors  into  a  comprehensive 
solution  of  portable  and  distributed  software  and 
hardware  that  produces  unprecedented  network 
vision.  Tough  to  install  and  use?  Nope.  Flexible  and 
scalable?  Totally.  Buy  only  the  components  you 
need  now  and  add  more  analysis  power  as  your 
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Snifter,  Floor  8  Trap  Floor  8  Expart  •  (Ethwnet):  Repeal  ACK  11:44  AM3/15«3 

Sniffer,  Redmond  Bra  Trap:  Redmond  Branch  Expert  -  (Ethernet);  Broa  6:11  AM 3/15/03 
Sniffer,  FI  oor  8  Trap :  FI  oor  8  Expert  -  ( Ethernet ).  Route  FI  appi  ng  1 1 :07  P  M  3/1 4A53 

Citrix_04  flukenetvMor  Device  Demoted  to  Backup  Domain  Controller  3:32  AM  3/15/03 
Sniffer,  Root  8  Trap:  Root  8  Expert  •  (Ethernet):  Browser  Electio  10:47  AM  3/15/03 

Fnet_166J1uk«netwo  IP  Address  change  from  192  168.55.44  to  192.1  6:55  PM  3/14/03 

Robert _J_T PAD  Only  device  in  NETBIOS  domain:  O MICRON  2:50  PM  3/15/33 

WING7_ACCESS_C5  Key  devtoe  not  responding  IP  Ping  failed  5:44  PM  3/14/03 

SINGA.Routeiluken  Interlace  Utilization  Exceeded  Error  Threshold  9:33  PM  3/14/03 
WATFORD_Routailuk  Interface  Errors  Exoeeded  Warning  Threshold  11 .52  AM  3/15/03 
W1NG3_ACCESS_C5  IP  Service  no  Longer  Seen  on  Device  2:22  PM  3/15/03 

WEB_RTflukertetwor  SNMP  Reported  Device  Rebooted  404  AM  3/14/33 

T-EMIG  Duplicate  IP  Address  9  59  AM  3/15/03 
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network  grows.  To  see  how  your  network  is 
performing  at  warp  speed,  you  really  ought  to  check 
this  out.  It's  Network  Supervision  at  its  finest. 
And  fastest. 


Seeing  is  believing. 

Go  to  www.flukenetworks.com/optiviewsolutions 
to  see  our  new  demo  now. 


NETWORKSUPERVISION 


servers  that  implement  802. IX  are  part  of 
the  network  infrastructure,  use  cryptogra¬ 
phy  and  play  a  role  in  the  overall  authenti¬ 
cation  scheme.  Therefore,  there  are  gener¬ 
ally  accepted  security  considerations  that 
these  products  should  address.  As  part  of 
•lie  infrastructure,  they  should  have  fea¬ 
tures  that  implement  resiliencysuch  as  the 
ability  for  an  access  point  to  use  alterna¬ 
tive  RADIUS  servers  in  case  the  primary 
server  fails  This  sort  of  resiliency  is  missing 
in  some  of  the  products.  Because  the 
RADIUS  server  is  a  critical  part  of  the 
authentication  mechanism,  a  failure  there 
will  stop  access. 

All  RADIUS  servers  implementing  802. IX 
must  have  a  server  certificate.  This  means 
they  have  to  implement  the  same  level  of 
security  for  storing  cryptographic  keys  as 
other  devices,  such  as  Secure  Sockets 
Layer  (SSL)-enabled  Web  servers.  Many 
vendors  don’t  do  this.  Instead,  they  simply 
store  the  RSA  Private  Key,  used  in  the  SSL 
protocol,  in  an  unencrypted  file  on  the 
local  hard  disk.  HP’s  switches,  for  example, 
do  not  store  the  private  key  in  an  encrypt¬ 
ed  fashion.  Lax  processing  of  the  certifi¬ 


cates  means  that  an 
attacker  could  obtain  a 
client  802. IX  certificate, 
install  it  in  a  RADIUS  serv¬ 
er  and  masquerade  as  a  legitimate  server, 
thus  tapping  network  traffic. 

Like  any  other  network  infrastructure 
devices,  wireless  access  points,  switches 
and  RADIUS  servers  should  have  secur- 
able  management  interfaces.  This  usually 
means  the  use  of  Secure  Shell  (SSH),  if 
they  have  a  console  interface,  or  SSL 
(Secure-HTTP)  if  they  have  a  Web  inter¬ 
face.  Cisco’s  access  points  do  not  do  this 
—  you  can  only  manage  them  with  an 
unencrypted  connection  to  their  Web 
interface.  Neither  does  Meetinghouse. 
Infoblox  gets  partial  credit  —  it  uses  SSL 
for  its  Web  user  interface  but  it  only  sup¬ 
ports  self-signed  certificates.  This  means 
that  an  attacker  who  can  gain  access  to  the 
network  used  for  device  management 
potentially  could  sniff  passwords.  Even 
with  a  self-signed  certificate,  a  man-in-the- 
middle  attack  still  could  be  used  to  gain 
management  access.  Other  vendors,  such 
as  Trapeze  and  Extreme,  provide  SSH  and 
SSL  management  interfaces. 

Finally,  there  should  be  a  reasonable 
mechanism  for  these  devices  to  share  their 


event  logs  with  a  central¬ 
ized  security  event  man¬ 
agement  system  so  that 
the  network  managers 
can  monitor  attempted  attacks  or  intru¬ 
sions  and  create  security  audit  trails. 
Neither  Cisco  nor  Funk  offer  external  log¬ 
ging  from  their  RADIUS  servers.  Other 
implementations,  such  as  Infoblox, 
Microsoft  and  Roving  Planet,  provide  inte¬ 
gration  with  an  external  logging  facility 

Where  is  802.1 X  going? 

The  standards  still  are  moving.  Just  last 
month,  Cisco  proposed,  and  then  unilater¬ 
ally  deployed,  yet  another  authentication 
mechanism  called  Extended  Authentica¬ 
tion  Protocol  —  Flexible  Authentication 
via  Secure  Tunneling  (EAP-FAST).  EAP- 
FAST  addresses  Cisco’s  concern  that  users 
don’t  want  to  use  certificates  and  would 
prefer  to  use  passwords  for  authentication. 
Cisco  has  asked  the  IETF  to  accept  EAP- 
FAST  as  an  Informational  (not  a  standard) 
RFC.  It  applies  to  the  wireless  and  wired 
environments. 

Another  area  to  be  addressed  is  the  con¬ 
sistent  use  of  802.  IX  in  the  wired  case.  If 
you  have  made  the  policy  decision  that 
access  to  your  wired  network  should  be 


controlled,  you  need  to  be  consistent 
about  that  or  you  will  introduce  security 
holes.The  only  802.1X-capable  supplicants 
shown  in  the  iLabs  demonstration  are 
workstations.  Even  the  wireless  access 
points,  which  are  themselves  clients  if  you 
think  about  the  cable  coming  out  of  the 
back  and  going  into  a  switch,  should  be 
capable  of  using  802.  IX  as  a  supplicant. 

A  network  deployment  with  90  worksta¬ 
tions  all  using  802. IX  authentication 
doesn’t  protect  the  LAN  if  the  printer  and 
the  UPS  aren’t  also  using  it  or  aren’t  oth¬ 
erwise  protected.  If  your  security  policy  is 
such  that  all  network  access  must  be 
authenticated,  you  don’t  want  to  leave 
unlocked  doors,  whereby  an  attacker  can 
get  on  the  network  simply  by  unplugging 
a  printer  and  plugging  in  a  computer  to 
launch  an  attack. 

All  vendors  of  network-enabled  devices 
should  offer  802.  IX  if  this  is  going  to  be 
deployable  in  a  secure  consistent  manner. 
This  same  concern  also  applies  as  more 
specialized,  network  enabled  handheld 
devices  go  wireless. 

Thayer  is  a  security  researcher  at  Canola 
&  Jones  in  Mountain  View,  Calif.  He  can  be 
reached  at  rodney@canola-jones.com. 
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leant  mixes  MPLS  and  IPv6  for  enterprising  results 

The  iLabs  Advanced  Internetworking  Initiative  team  in  collaboration  with  Isocore  Internetworking  Lab,  this  week  will  deploy  a  live,  Multi-protocol 
Label  Switching  network  to  examine  various  MPLS  VPN  technologies  and  some  of  the  latest  developments  in  IPv6 / IPv4  /MPLS  integration.  All  team 
members  —  Hege  Trovsik,  Rajiv  Papneja  and  Jim  Martin  —  took  some  time  from  their  busy  pre-show  testing  efforts  last  month  to  discuss  their  project 
with  Network  World  Managing  Editor  Jim  Duffy.  An  unabridged  version  of  the  interview  can  be  found  at  www.nwfusion.com,  DocFinder:  1923. 


What  are  the  overall/overriding  objectives 
of  your  tests? 

Papneja:  The  overall  objective  is  to  establish  the 
availability  of  advanced  enterprise  applications 
across  a  capable,  interoperable  MPLS-based  core. 
This  year's  demonstration  is  unique  as  it  shows  the 
readiness  of  the  MPLS  capability  to  support  IPv6 
customers  without  causing  MPLS  to  be  extended 
further,  or  the  need  to  replace  the  IPv4-capable 
core  routers  in  the  existing  service  provider  infra¬ 
structure.  Also,  this  enables  enterprise  customers 
to  move  to  IPv6  supported  devices  and  still  be 
transparently  connected  to  same  IPv4  infrastruc¬ 
ture. 

Are  you  testing  MPLS’  edge  service  capa¬ 
bilities?  Or  core  transport  capabilities? 

Or  both? 

Papneja:  The  focus  will  be  primarily  on  the  edge 
services  and  applications.  The  demonstration  will 
include  cases  showing  how  various  MPLS  tech¬ 
nologies  can  benefit  the  enterprise  customers,  and 
these  customers  can  deploy  their  own  services 
without  much  overhead.  For  example,  the  demon¬ 
stration  will  be  showing  different  types  of  MPLS 
VPNs  [Layer  2/Layer  3],  IPv6  over  MPLS  and 
Multicast  over  MPLS.  In  addition,  certain  core  fea¬ 
tures,  such  as  Fast  Reroute  across  a  [quality-of- 
service]-aware  and  a  traffic-engineered  core,  will 
be  examined. 

Attendees  will  be  able  to  experience  edge  ser¬ 
vices  such  as  Layer  2  point-to-point  and  point-to- 
mukipoint  VPNs  [including  virtual  private  LAN  ser¬ 


vice],  Layer  3  VPNs  based  on  IETF  RFC  2547bis, 
Fast  Reroute  capable  Label  Switched  Paths  using 
[Resource  Reservation  Protocol-Traffic 
Engineering]  Extensions,  Multicast  over  MPLS  and 
IPv6  tunneling  over  MPLS. 

Martin:  Our  work  with  IP  Multicast  in  some 
ways  builds  on  the  MPLS  core  and  in  others  is 
completely  orthogonal  to  it.  The  MPLS-related  por¬ 
tion  involves  attempting  to  deploy  IP  Multicast  over 
[Border  Gateway  Protocol]/VPNs  —  the  [IETF] 
"Rosen  draft"  —  which  allows  private  multicast 
domains  to  transit  a  MPLS-enabled  core,  and  pre¬ 
serve  most,  if  not  all,  of  the  key  advantages  of  mul¬ 
ticast,  like  non-replication  of  streams  over  a  given 
link. 

We  will  contrast  this  with  providing  private  Layer 
2  VPNs  and  running  existing  multicast  protocols 
directly  on  those  paths,  which  inherently  can  lead 
to  replication.  This  investigation  is  crucial  as  more 
enterprises  use  multicast  as  part  of  their  business 
and  need  to  interconnect  far-flung  sites. 

During  hot  stage  testing,  we  were  able  to  get  a 
single  vendor's  implementation  to  work  at  the 
provider  edge,  over  a  multi-vendor  core.  At  the 
show,  we  intend  to  bring  additional  implementa¬ 
tions  into  the  mix  at  the  edge  and  see  how  they 
interact. 

This  is  likely  to  be  quite  interesting,  as  the  Rosen 
draft  has  one  of  the  common  pitfalls  of  modern 
standards:  It  specifies  three  possible  sets  of  han¬ 
dling  rules,  with  two  different  encapsulations.  Thus 
with  six  different  "draft-compliant"  scenarios, 
interoperability  is  far  from  certain. 


How  many  vendors  are  involved?  How  many 
platforms  —  label  edge  routers  (LER),  label 
switch  routers  (LSR)  —  connected  via  what 
speed  links? 

Trovsik:  We  have  24  participating  vendors  and  10 
supporting  vendors.  About  15  are  router  vendors, 
and  three  are  test  equipment  vendors  that  will  also 
act  as  LERs  and  do  IPv6  and  multicast.  We  will  have 
about  four  core  routers  and  25  edge  devices,  al¬ 
though  some  of  these  will  be  doing  IPv6  and  multi¬ 
cast  and  not  MPLS.  We  also  have  vendors  of  traffic 
analyzers,  traffic  policers  and  path  optimizer  tech¬ 
nology  participating. 

What  services  —  TDM,  ATM,  IP,  frame, 
Ethernet,  video,  others  —  are  you  running 
across  the  MPLS  network?  How  is  each 
service  benefiting  —  or  not  —  from  MPLS? 

Papneja:  For  Layer-2-specific  VPNs,  based  on  the 
hardware  availability,  any-to-any  connectivity  will  be 
demonstrated.  For  example,  at  one  site,  the  attach¬ 
ment  circuit  could  be  Ethernet,  port-based,  and  the 
remote  end  could  be  virtualized  Ethernet  ports  or 
virtual  LANs.  Other  types  of  attachment  circuits 
that  will  be  carried  across  MPLS  transport  include 
ATM  [virtual  path  identifier/virtual  circuit  identifier] 
and  frame  relay  [data  link  circuit  identifier].  With  a 
network  consisting  of  this  many  vendors  and  differ¬ 
ent  routers,  it  was  necessary  to  choose  a  few  com¬ 
monly  used  interface  types  as  the  preferred.  Gigabit 
Ethernet  and  OC-12/OC-48  are  the  technologies  we 
chose  for  the  core. 
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IronPort  helps  financial  services 
giant  KeyCorp  put  spam  in  its  place 


“In  the  first  month  we 
implemented  IronPort ,  we  went 
from  blocking  about  36%  of  spam 
to  blocking  more  than  97%>.’ 


There's  no  putting  a  pretty  face  on  it:  KeyCorp 
was  drowning  in  spam. 

One  of  the  world’s  largest  bank-based  finan¬ 
cial  services  organizations,  with  more  than 
20,000  employees  in  12  states,  the  company 
had  two  quad-processor  Windows  servers  handling  its 
email,  with  two  more  as  backups.  But  even  that  wasn’t 
enough  to  keep  up  with  the  volume  of  spam  the  compa¬ 
ny  was  receiving,  says  Mark  Fitzgerald,  senior  technolo¬ 
gy  specialist  for  Work-  _ 

place  Automation  Tech¬ 
nology,  the  KeyCorp  IT 
unit  charged  with  main¬ 
taining  email  systems 
and  other  collaborative 
applications. 

“The  CPUs  were 
pegged  at  100%  half  the 

time,”  Fitzgerald  says,  _ 

with  spam  accounting 

for  about  70%  of  all  incoming  mail  volume. 

It  wasn’t  that  Fitzgerald  and  his  team  were  ignoring 
the  spam  problem.  To  the  contrary,  they  used  a  com¬ 
mercial  anti-spam  product  and  augmented  it  with  at 
least  five  real-time  blackhole  lists  (RBLs),  which  are 
intended  to  identify  mail  from  known  sources  of  spam. 
The  company  would  stop  mail  only  if  it  showed  up  on 
three  of  the  five  RBLs.  “Because  we  are  so  sensitive  to 
false-positives,  we  were  forced  to  let  a  lot  of  spam  in,” 
Fitzgerald  says. 

In  February,  the  company  put  a  stop  to  its  spam 
woes  by  installing  the  IronPort  C60,  an  email  appliance 
that  protects  against  spam,  viruses  and  other  email- 
borne  security  threats  while  also  serving  as  a  high¬ 
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Mark  Fitzgerald, 

Senior  technology  specialist,  Workplace  Automation  Technology,  KeyCorp 


The  IronPort  C-Series 
integrates  easily  into 
existing  messaging 
infrastructures. 
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performance  mail  gateway  and  content  policy 
enforcement  engine. 

To  solve  its  immediate  spam  problem,  KeyCorp  was 
most  interested  in  IronPort’s  Reputation  Filters™  tech¬ 
nology  and  SenderBase™  reputation  database  (see 
story,  this  page).  Together,  they  enable  the  IronPort  C60 
to  assess  the  reputation  of  email  senders,  assigning 
each  a  numeric  score.  Scores  range  from  -10  for  known 
spammers  to  +10  for  mail  that  is  known  to  be  legitimate. 

_  With  the  reputation 

score  in  hand,  KeyCorp 
can  then  apply  policies 
that  intelligently  dic¬ 
tate  how  mail  should 
be  handled.  KeyCorp 
outright  blocks  any 
mail  with  a  score 
between  -6  and  -10 

_  and  throttles  mail 

rated  from  -2  to  -6. 
Throttling  can  take  different  forms,  including  limiting  the 
number  of  recipients  allowed  per  hour,  the  size  of  the 
email  messages,  the  number  of  connections  allowed 
from  a  single  IP  address  and  the  number  of  recipients 
allowed  per  message.  If  a  domain  with  a  negative  repu¬ 
tation  score  tried  to  send  3,000  messages  at  once,  for 
example,  the  IronPort  C60  would  only  accept  20  per 
hour  from  that  particular  domain  and  reject  the  rest. 

Rating  incoming  mail  in  this  manner  makes  the 
IronPort  C60’s  integrated  Brightmail  spam  filter  more 
effective.  Messages  with  a  poor  reputation  score  can 
be  dropped  outright,  while  those  with  a  good  score  can 
simply  bypass  the  filter.  Brightmail  is  left  to  examine 
only  those  messages  deemed  suspicious,  which  great¬ 
ly  reduces  its  load. 

Today,  KeyCorp’s  spam  problems  are  a  memory.  “In 
the  first  month  we  implemented  IronPort,  we  went  from 
blocking  about  36%  of  spam  to  more  than  97%, ” 
Fitzgerald  says.  In  one  three-week  period  in  April,  the 
IronPort  C60  looked  at  more  than  4.5  million  mes¬ 
sages.  Of  those,  fewer  than  1.5  million  -  or  roughly 
30%  -  were  sent  through  to  a  recipient;  the  rest  were 
discarded  as  spam. 

Getting  rid  of  all  that  spam  adds  up  to  a  significant 
return  on  investment  from  productivity  savings  alone. 
"We've  got  about  20,000  email  users.  If  each  one  only 
spent  five  minutes  in  the  morning  determining  what 
was  spam  and  deleting  it,  that’s  a  huge  productivity 
gain  right  there,”  Fitzgerald  says.  Today,  even  on  a 
Monday  morning,  users  may  get  only  two  or  three  spam 
emails.  "At  first,  people  were  calling  us  and  asking  if 
there  was  something  wrong  with  the  mail  system.  They 
were  used  to  receiving  so  much  junk  mail,  they  were 
concerned  when  it  just  stopped.” 

Additionally,  the  IronPort  C60  now  processes  the  bulk 
of  KeyCorp's  email,  such  that  utilization  on  the  compa¬ 
ny’s  mail  servers  is  no  longer  an  issue.  “On  the 
IronPort  box,  I  rarely  see  disk  I/O  up  over  15%,  even 
when  we’re  getting  hammered  by  a  dictionary  attack," 
he  says. 


IRONPORT" 

Powerful.  Reliable.  Secure. 


SMTPi:  A  Foundation 
for  Intelligent 
Email  Handling 

The  IronPort  Systems  family  of  messaging 
gateway  appliances  brings  security  and  trust 
to  email  by  implementing  the  company’s 
SMTPi  architecture. 

SMTPi  adds  a  crucial  “identity”  element  to  the 
Simple  Mail  Transfer  Protocol  (SMTP),  along  with 
reputation  and  policy  components.  SMTPi  first 
seeks  to  establish  the  identity  of  an  email  sender  by 
verifying  the  IP  address  of  the  sending  message 
transfer  agent  (MTA),  which  is  far  more  difficult  to 
forge  than  the  simple  return  address.  Going  forward, 
SMTPi  will  incorporate  additional  identity  authenti¬ 
cation,  including  emerging  systems  from  Microsoft, 
Yahoo!  and  others  that  allow  companies  to  deter¬ 
mine  which  mail  servers  are  allowed  to  send  email 
using  a  particular  domain 
name.  Ultimately,  SMTPi  will 
also  support  “universal” 
identity  systems  that  use  digital  certificates  to 
achieve  a  high  level  of  accuracy  in  identifying  email 
senders,  even  down  to  the  individual  level. 

Once  an  email  sender  has  been  accurately  identi¬ 
fied,  the  next  step  is  to  assess  his  email  history  or 
reputation  using  IronPort’s  SenderBase,  which  acts 
like  a  credit  reporting  system  for  email  senders. 
SenderBase  (www.senderbase.org)  monitors  various 
factors  to  assess  the  reputation  of  a  sender,  includ¬ 
ing  global  sending  volume,  complaint  levels,  whether 
a  sender’s  DNS  resolves  properly  and  accepts  return 
mail,  blacklist  information  and  other  parameters. 
SenderBase  renders  a  statistical  score,  the 
SenderBase  Reputation  Score,  which  provides  an 
assessment  of  the  email  sender’s  reliability. 

The  SenderBase  Reputation  Score  enables  email 
administrators  to  create  policies  for  intelligently 
handling  incoming  mail.  When  combined  with  the 
threat  prevention,  content  scanning,  Brightmail- 
based  spam  detection  and  Sophos  antivirus  capa¬ 
bilities  integrated  with  the  high-performance 
IronPort  Messaging  Gateway  appliances,  SMTPi  pro¬ 
vides  powerful  mail  handling  capabilities. 
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Learn  more  about  SMTPi 
and  IronPort  appliances 

Download  the  white  paper,  “SMTPi:  An  Email  Security 
Architecture,”  as  well  as  data  sheets  on  IronPort’s 
family  of  Messaging  Gateway  Appliances. 

Visit:  www.ironport.com/future 
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Go  to  http://www.nefgear.com/go/euadmswitch. 
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To  learn  more  about  NETGEAR's  entire  range  of  business-class  switch, 
wireless  and  security  networking  products,  call  your  local  reseller  or  visit 
www.netgear.com/where_to_buy.html  to  find  a  location  near  you. 
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e  easiest  way  to  move  up  to  managed  switching 

is  also  the  most  affordable. 
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FSM7326P 

Layer  3  Power-over- Ethernet  Managed  Switch 


NETGEAR 


Managed  Layer  3  Gigabit  Switches 

GSM7324  24-port 

GSM73 1  2  1  2-port 


Managed  Layer  2  Gigabit  Switches 


GSM712  12-port 


GSM712F  12-port 


has  the  proof. 


Budget  proof. 

Why  spend  nearly  $1 00  a  port  for  one  of  our  competitor's  switching  solutions 
when  you  can  own  a  NETGEAR®  FSM7326P  24+2  Layer  3  Power-over- Ethernet 
managed  switch  for  just  $46  a  port?  Or  pay  just  $1 1  8  a  port  for  the  NETGEAR 
GSM731 2  1 2-port  Layer  3  Gigabit  switch  where  others  are  priced  at  $235  a  port, 
a  whopping  50%  savings  over  competitive  solutions. 

Hassle  proof. 

With  the  FSM7326P,  you'll  get  a  fast  switch  with  Gigabit  speeds,  VLAN  and  subnet 
segmentation,  advanced  bandwidth  management  and  a  migration  path  to  VoIP 
and  wireless  networking.  You'll  get  a  switch  that's  hassle  proof,  ready  to  work  out 
of  the  box  and  easy  to  use.  Standards-based,  NETGEAR  managed  switches  are 
also  future  proof,  able  to  integrate  seamlessly  at  every  level,  so  you  can  easily  grow 
current  networks  and  accommodate  new  ones. 

Bullet  proof. 

Since  1 996,  the  reliability  and  flexibility  of  NETGEAR  switches  have  enabled  higher 
performance  and  dependability  in  networks  across  the  globe.  Whether  you're 
planning  for  rapid  expansion  or  need  to  implement  fast  changes  to  meet  unexpected 
demands,  NETGEAR  offers  a  wide  choice  of  switches  from  unmanaged  Fast  Ethernet 
up  to  the  latest  Layer  3  Gigabit  solutions. 


Managed  Stackable  10/100  Mbps  Switch 


FSM750S  48-port 


Proof  positive  NETGEAR  is  the  choice  for  you. 

More  proof —  a  FREE  Palm®V. 

Get  a  Palm  V  with  the  purchase  of  any  of  the  NETGEAR 
managed  switches  listed  on  the  left,  including  FSM7326P, 

GSM731 2,  GSM7324,  GSM71 2,  GSM71 2F  and  FSM750S. 

This  offer  ends  June  30,  2004.  Plus,  you  can  register  for  a  FREE  white  paper 
on  managed  switching. 


IP-based  systems  allow  companies 
to  route  calls  to  home  workers 
and  satellite  offices. 


■  BY  LORI  BOCKLUND 


BAXTER  CREDIT  UNION  TOOK  A 
bold  approach  to  upgrading  its 
call  center.  In  late  2002  it  merged 
voice  and  data  on  a  single  net¬ 
work  and  deployed  an  IP-based 
contact  center  platform  from 
Interactive  Intelligence. 


The  new  system  has  delivered  on  its  promise  to 
help  the  company  grow  its  business  and  expand 
its  call  centers  easily  and  cost  effectively.  8CU  has 
about  60  people  in  the  main  call  center  in  the 
Chicago  area,  and  rolling  out  the  new  system  to  15 
remote  service  centers  has  been  smooth  —  each 
new  site  is  treated  as  an  add-on  to  the  existing  IP 
network. 

BCU  adds  the  remote  staff  to  call  center  queues 
when  needed  and  can  retain  key  employees  by  let¬ 
ting  them  work  from  home.  BCU  uses  one  applica¬ 
tion  to  manage  all  media  for  routing  and  reporting 
across  agent  locations. 

The  Texas  Association  of  .School  Boards  (TASK) 
is  taking  a  more  phased  approach.  TASB  recently  > 
pur<  hased  a  Siemens  platform  that  is  “IP-veady"- 
it  can  migrate  to  VoIP  as  needed.  Under  TASB's 
long-term  plan,  remote  and  mobile  users  will  be 
on  IP  in  2005,  and  they  expect  to  lP-enab!e  the 
product  and  service  center  that  supports  edv tu¬ 
tors,  administrators,  school  boards  and  the  puhhc 
by  2006. 

TASB  opted  not  to  implement  pure  VoIP  initially 
because  there  was  no  compelling  business  reaso?. 
to  switch  and  because  there  were  too  many  bun¬ 
dles,  including  preparing  the  network  with  switch 

See  Call  canter,  page  <■ 


Finish  Line 


Company: 


Indianapolis 


Location: 


Retail  athletic  shoes  and  apparel. 


Business: 


Deployed  50  VoIP  call  center  seats 
with  SIP  phones  last  July:  300 
enterprise  seats  in  October. 


Lower  IT  costs,  richer  applications, 

Robert  Gray,  director  of  telecommunications  at 
Finish  Line,  plans  to  add  multimedia  apps  to  his 
IP-based  call  center. 


Benefits: 


h  b*a«. 


AT&T 
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More  seamless  accessibility  options. 


A  better  security  option. 


Sprint 

m 
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More  IP  data  options  from  Sprint. 


Sprint  has  more  IP  data  options  to  meet  your  company's 
needs  than  AT&T. 


Sprint  IP  data  services  provide  seamless 
access  to  your  corporate  data,  enabling  you 
to  connect  your  headquarters  to  branch 
offices,  home  offices  and  mobile  employees. 


The  Sprint  Peerless  IP  network  is  more  secure 
since  it  has  no  connection  to  the  public  Internet. 


Get  the  facts  at  sprint.com/facts  or  call  866-700-0029 
for  a  Business  Representative. 


One  Sprint.  Many  Solutions;" 

Voice/Data  PCS  Wireless  Internet  Services  E-Business  Solutions  Managed  Services 


Accessibility  claims  based  on  the  portfolio  of  seamless  Sprint  IP  and  wireless  network  capabilities,  and  the  portfolio  of  the  AT&T  IP  network.  Security  claims  based  on  the  Sprint  Peerless  IP  network  and 
the  AT&T  IP  network.  ©Sprint  2004.  All  rights  reserved.  Sprint  and  the  diamond  logo  are  trademarks  of  Sprint  Communications  Company  L.P.  All  other  marks  are  the  property  of  their  respective  owners. 
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Call  center 

continued  from  page  69 

and  router  upgrades,  replacing  all  the  desktop 
phones  and  upgrading  its  adjunct  systems  such  as 
voice  mail. 

But  TASB  is  now  in  a  good  position  because  it  will 
be  ready  to  deliver  business  applications  on  the  new 
platform  when  necessary. 

The  great  migration  to  the  IP  contact  center  is 
underway. While  there  are  many  approaches,  vendors 
and  users  agree  that  the  decision  is  not  driven  by  the 
technology  but  rather  by  business  applications  that 
the  technology  enables.  BCU  and  TASB  are  taking 
very  different  paths  to  Voipbut  each  made  the  right 
decision  for  their  current  and  future  business  needs. 

In  general,  however,  the  migration  is  happening  very 
slowly  Art  Schoeller,  an  analyst  at  The  Yankee  Group, 
says, “The  move  to  IP  in  the  contact  center  is  inevitable 
but  not  imminent.  The  transition  from  TDM  to  IP  cat¬ 
alyzed  by  Cisco,  is  much  like  the  transition  from  analog 
to  digital  systems,  which  was  catalyzed  by  Rolm.Like 
that  transition  over  20  years  ago, this  transition  will  take 


Keys  to  IP  contact 
center  success 

Tips  and  tricks  to  ease  IP  implementations. 

1.  Understand  the  business  drivers.  IP  in  the 

contact  center  is  a  business  decision,  not  a  technol¬ 
ogy  decision.  Don't  lose  sight  of  that. 

2.  Conduct  a  network  assessment,  and 
make  upgrades  so  your  network  is  rock  solid. 

Quality  of  service  is  critical.  Some  companies  might 
need  to  upgrade  to  the  latest  versions  and  releases 
of  routers  and  switches.  Many  establish  a  separate 
virtual  LAN  for  voice.  Ensure  adequate  power  on  the 
Ethernet  network,  and  test  it.  Spend  more  time 
preparing  and  testing  your  remote  sites.  Network 
assessments  are  prerequisites  for  most  vendors  that 
might  offer  them  directly,  through  partners  or  as  an 
option  for  companies  to  self-assess. 

3.  Include  testing  initially  and  as  an  ongoing 
practice.  Test  VoIP  quality  and  monitor  as  your  net¬ 
work  changes.  Continually  test  for  network  vulnera¬ 
bilities  as  you  do  for  your  data  applications. 

4.  Take  your  time.  Choose  your  migration 
approach,  applications,  infrastructure  platforms  and 
partners  wisely. 

5.  Involve  a  cross-functional  team  in  the 
planning  and  implementation,  including  call 
center  professionals.  These  applications  are  so 
important  that  this  can’t  be  a  purely  technology-dri¬ 
ven  event. 

6.  Keep  it  (relatively)  simple.  Minimize  the 
number  of  vendors,  the  complexity  of  your  network 
and  the  number  of  technology  platforms.  Your  net¬ 
work  will  be  easier  and  less  expensive  to  maintain, 
manage  and  support. 

7.  Don’t  be  cheap.  Make  the  necessary  invest¬ 
ments  in  redundancy,  capacity,  network  testing, 
resource  training  and  piloting. 

8.  Be  involved.  Expect  to  be  an  active,  hands-on 
participant.  Choose  your  vendor  carefully  and  pick 
one  that  understands  VoIP,  but  don't  just  rely  on  it. 
Build  an  internal  team  that  understands  the  network 
and  applications  well. 
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IP  call  center  scenario 

In  a  multisite  IP  network,  a  call  center  at  headquarters  can  be  connected  over  the  WAN 
to  satellite  and  home  offices. 
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time.  And  this  one  is  more  complex.” 

And  the  small  shall  lead 

Most  IP  contact  center  installations  have  occurred 
in  small  to  midsize  businesses  (SMB).  Many  of  these 
SMBs  use  home  agents  and  remote  offices.  SMBs 
tend  to  be  more  willing  than  larger  companies  to 
take  risks,  many  are  growing, and  they  are  reaping  the 
benefits  of  flexibility  and  agility. 

There  are  fewer  large  installations  in  place, and  they 
are  generally  multisite,  often  with  overseas  positions 
(including  outsourcers). The  major  vendors  such  as 
Avaya,  Cisco  and  Nortel  all  say  they  have  pure  IP 
installations  of  2,000  seats  or  more. 

“The  industries  making  radical  changes  are  the 
ones  who  are  suffering  the  most  pain  from  econom¬ 
ic  and  market  forces,  such  as  teleservices  [out¬ 
sourcers],  airlines,  telecom  and  high-tech  compa¬ 
nies,”  says  Lawrence  Byrd,  a  convergence  strategist  at 
Avaya.'These  companies  are  seeking  substantial  cost 
savings  from  infrastructure  consolidation,  for  exam¬ 
ple  reducing  30  separate  [automatic  call  distribu¬ 
tors]  to  one  or  two,  moving  away  from  the  complex 
and  expensive  network  routing  architectures  of  the 
1990s,  and  intelligently  routing  the  right  customer  to 
the  right  agent,  wherever  they  are. 

“These  companies  understand  that  they  must  make 
more  significant  investments  in  network  optimiza¬ 
tion,  as  well  as  changes  to  their  business  processes 
and  how  they  manage  their  people.  But  they  are  will¬ 
ing  to  do  so  for  the  payback  offered.  IP  telephony  in 
the  contact  center  is  the  technology  enabler  for  such 
transformation,"  he  says. 

Today,  many  of  the  large  installations  —  those 
exceeding  200  seats  —  are  hybrid  solutions,  some 
sites  are  TDM, some  are  IPCompanies  use  IP  trunking 
between  sites  and  IP  to  some  desktops,  for  example, 
at  new  sites  or  sites  where  the  switch  has  been 
upgraded. The  traditional  PBX  can  serve  as  a  gateway, 
converting  between  TDM  and  IP 

Customers  with  multiple  locations  are  turning 
autonomous  sites  into  satellite  sites,  significantly 
reducing  the  numbers  of  servers,  applications  and 
licenses  required  for  functions  such  as  routing, 


reporting,  Computer  Telephony  Integration  (CTI), 
quality  monitoring  and  workforce  management. 

Another  trend  is  higher  adoption  rates  in  Europe/ 
Middle  East/Africa  and  Asia  Pacific.  North  America  is 
generally  slower  to  adopt  IP  contact  center  tech¬ 
nologies  because  of  more  conservative  and  risk- 
averse  decision-makers,  and  more  large  installed  sys¬ 
tems.  However,  of  Cisco’s  1,500  installations  world¬ 
wide,  approximately  half  are  in  North  America. 

Another  trend  is  for  companies  to  adopt  VoIP  in  the 
enterprise  first  and  then  in  the  contact  center.  Gartner 
analyst  Bern  Elliot  says  IP  system  sales  already  have 
overtaken  TDM  system  sales  for  corporations,  but  “IP 
adoption  in  the  call  center  will  lag.” 

Elliot  predicts  that  traditional  TDM-based  call  cen¬ 
ters  will  remain  the  dominant  architecture  for  new 
system  sales  in  North  American  until  mid-2006.  IP- 
based  call  center  systems  comprise  approximately 
10%  of  new  system  sales  today. 

Lessons  from  the  early  adopters 

Customers  leery  of  IP  contact  centers  typically 
express  concerns  about  security,  quality,  reliability  and 
scalability  Early  implementers  say  they  faced  chal¬ 
lenges,  primarily  with  quality  of  service,  but  they  used 
assessment,  configuration,  testing  and  monitoring  to 
successfully  address  those  issues.  As  Lee  Bostrom.CIO 
of  Glenview  State  Bank,  says, “If  you've  done  what  you 
need  to  do  for  your  network  for  other  applications, 
running  phones  on  IP  is  not  a  leap  of  faith.” 

Many  early  implementers  say  voice  is  more  secure 
and  more  reliable  over  IP  than  it  was  in  a  TDM  world, 
and  the  enhancements  to  their  networks  for  voice 
also  have  benefited  their  data  applications. 

Early  implementers  have  been  risk  takers  to  a 
degree,  but  those  who  succeed  are  also  prudent.  For 
example,  when  Glenview  State  Bank  implemented  an 
Interactive  Intelligence  IP-based  solution  in  2002.  it 
clearly  saw  the  potential  benefits  for  growth,  flexibili¬ 
ty  and  disaster  recovery: 

When  the  bank  had  to  trigger  its  disaster-recovery' 
plan  because  of  a  basement  flood,  it  added  seats  at 
the  branches  and  reroute  calls  quickly,  with  no  effect 
on  service.  The  enterprise  solution  has  200  to  240 
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U.ght  to  12  seats  in  the  call  center  serv- 
.  cuy  suburbs.  All  branch  offices  are  IRand  the 
center  rr ; :  es  m  one  of  the  branches. 

;  iienvF  Vv  focused  on  finding  a  partner  it  could  trust 
on- 1  ■  usurer!  that  the  network  foundation  was  solid. 
Ti;.  t  ink  i  nplemented  a  virtual  LAN  and  used  stan¬ 
dards  fo!  then  servers  (Windows  NT)  and  routers 
Cisco)  it  continues  to  follow  the  rigorous  security 
■<)'</(  sses  applied  to  all  other  applications  for  its 
voice  and  call  center  applications. 

Software  vendor  Attachmate,  which  has  three  dis¬ 
tributed  sites  for  technical  support,  spent  about  two 
years  evaluating  products  and  realized  that  TDM  was 
too  expensive  for  what  it  wanted  to  do.  A  pure  IP  solu¬ 
tion  from  Nuasis  offered  the  company  lower  total 
cost  of  ownership  —  estimated  at  30%  lower  than 
TDM  initially,  with  additional  savings  over  time  by 
avoiding  proprietary  hardware.  Attachmate  also  saw 
benefits  from  virtual  operations  across  sites  and  CTI 
in  hours  instead  of  months. 

ForVegas.com,  the  official  Las  Vegas  travel  site,  mov¬ 
ing  to  IP  made  sense  given  its  tremendous  growth. 
The  company  tried  a  hybrid  approach  first,  adding  IP 
cards  to  its  existing  Nortel  Option  1 1C. 

WhenVegas.com  moved  in  late  2003,  it  migrated  to 
pure  Voipieveraging  much  of  its  existing  Nortel  invest¬ 
ment  for  125  call  center  agents  and  50  corporate 
users.The  company  saves  on  wiring,  moves,  adds  and 
changes,  and  networking  of  retail  locations,  while 
buying  flexibility  for  the  future. 

Like  many  companies,  it  plans  to  add  multimedia 
and  CTI. 

“I  felt  no  risk.  We  used  the  same  applications  we  had 
in  the  TDM  world  and  just  changed  transport;  the  appli¬ 
cations  don’t  care,”  says  Brian  Hayashi,  engineering 
director  for  Vegas.com.  “However,  you  have  to  be  an 
active  participant  in  the  system  implementation  and 
support.You  can’t  rely  solely  on  the  vendor’ 

Finish  Line,  one  of  the  nation’s  leading  athletic 
specialty  retailers  in  Indianapolis,  Ind.,  replaced  a 
10-year-old  corporate  switch  to  support  growth  in 
the  direct-to-consumer  business.  Contrary  to  the 
popular  approach  to  implement  IP  in  the  enterprise 
first  and  call  center  last,  it  started  with  the  call  cen¬ 
ter.  Finish  Line  put  approximately  50  seats  on  its  13 
IP-based  system  with  Session  initiation  Protocol 
phones  in  July  2003  and  added  the  300  enterprise 
seats  in  October. 

The  company  has  seen  benefits  in  lower  IT  costs  as 


Promises,  promises 

Some  of  the  early  predictions  about  the 
benefits  of  IP  contact  centers  haven't  been 
realized. 

•  Standards-based  systems  were  one  early 
driver,  creating  expectations  of  choice,  inter¬ 
operability  and  reduced  costs.  Today,  end¬ 
points  are  a  mix  of  H.323,  proprietary  and 
Session  Initiation  Protocol,  with  SIP  the 
emerging  leader. 

•  Another  early  incentive  was  an  open 
approach  that  would  let  customers  choose 
between  various  elements  of  voice  infrastruc¬ 
ture  and  applications.  Some  vendors  offer  an 
open  approach,  but  most  try  to  sell  a  single¬ 
vendor  solution. 

•  While  multimedia  is  a  potential  benefit  of 
IP  applications  and  infrastructure,  it  is  not  a 
driving  force  in  many  cases,  as  most  centers 
still  are  highly  dominated  by  voice  contacts 
and  aren't  yet  ready  to  invest  in  multimedia 
solutions. 

•  The  hyped  benefits  of  IP  for  wiring  cost 
savings  don't  always  apply.  Many  companies 
already  have  the  wiring  or  run  separate  wires 
for  voice  anyway. 

•  Staff  costs  can  be  reduced  greatly  in 
some  scenarios,  such  as  the  large  multisite 
environment  that  centralizes  servers  and  their 
management.  However,  staff  roles  and 
responsibilities  are  often  not  reduced,  but 
rather  are  rearranged  to  manage  the  applica¬ 
tions  and  networks. 

-1 

Finish  Line  grows  —  adding  new  positions,  making 
routing  changes  and  moving  positions  readily  It  also 
has  gotten  richer  applications,  with  enhanced  report¬ 
ing  already  in  place  and  multimedia  planned. 

“Our  keys  to  success  were  a  thorough  evaluation 
process  and  extra  due  diligence  to  understand  the 
systems  and  find  the  right  partner;”  says  Robert  Gray 
director  of  telecommunications. 

Vendor  variations 

Vendors  differ  on  the  definitions  of  IP  solutions  and 


Outsourcers  turn  to  IP  contact  centers 


Outsourcers,  particularly  off¬ 
shore  outsourcers,  are  deploying  IP 
contact  centers  to  help  them  grow 
quickly  and  cost  effectively. 

TransWorks,  a  leading  provider  of 
outsourcing  servicesfrom  India,  had 
400  seats  15  months  ago  and  now 
has  1,650  seats.  The  company  plans 
to  add  another  400  to  800  seats  this 
year.  TransWorks  migrated  from  a 
TDM  switch  to  a  Cisco  IP  contact 
center. 

According  to  CEO  Prakash 
Gurbaxani,  the  company  purchased 
a  platform  that  works  today  and 
that  will  provide  the  infrastructure 
it  will  need  down  the  road.  The 
vision  includes  growth  into  addi¬ 
tional  call  centers  and  countries, 


including  an  aggregating  network 
based  in  the  U.S.  that  will  route 
calls  anywhere  in  the  world. 

Amicus,  a  leading  U.K.  out¬ 
sourcer  for  multichannel  cus¬ 
tomer  contact  and  fuifillment, 
launched  its  service  18  months 
ago.  During  the  planning  stages, 
the  company  knew  its  choice  of 
technology  platform  would  be  key 
to  achieving  its  goals  and  knew  it 
had  to  deliver  a  low-cost  service 
that  would  compete  against  the 
typical  U.K. -based  outsourcer, 
and  India-based  centers. 

The  company  selected  an  IP- 
based  system  from  Avaya  to  handle 
inbound  and  outbound  calling,  log¬ 
ging  and  quality  monitoring  and 


other  applications.  By  going  with  IP, 
Amicus  reduced  the  cost  of  wiring  in 
its  historic  building.  Twenty  of  its  130 
agents  are  remote,  with  that  number 
expected  to  rise  to  50  later  this  year. 

The  company  also  is  testing  wire¬ 
less  positions,  using  USB  headsets 
connected  to  laptops  within  homes 
and  eventually  at  hot  spots. 

Charles  Burns,  sales  and  market¬ 
ing  director,  recommends  going 
with  one  vendor,  which  he  says  was 
a  major  factor  in  avoiding  serious 
technical  problems.  Future  plans 
include  putting  agents  in  India  or 
other  locations  for  labor  savings, 
while  using  the  solid  technical  and 
support  infrastructure  it  built  in  the 
U.K. 


Looking  ahead 

The  breakthrough  in 
adoption  of  IP  in  the  con¬ 
tact  center  will  occur  as 
more  companies  share 
evidence  that  it  is  low 
risk.it  works  and  there  are 
quantifiable  business 
benefits. 

Gary  Ketron,  director  of 
worldwide  technical 
support  for  Attachmate, 
summarizes  what  many 
companies  are  experi¬ 
encing  with  IP  adoption: 

“When  we  started  our 

pilot,  our  fear  was  that  VoIP  was  not  a  technology 
whose  time  has  come.  After  the  pilot,  our  belief  is 
that  this  is  a  technology  that’s  right  for  us,  and  from 
which  we’ll  benefit  tremendously” 

Bocklund  is  president  of  Strategic  Contact.  She  can  be 
reached  at  lori@strategiccontact.com. 


the  benefits  of  “pure"  IP  vs.  hybrid  solutions.  As  you 
would  expect,  each  vendor  promotes  the  solution  and 
migration  approach  that  its  platform  enables. 

Traditional  voice  switch  vendors  such  as  Avaya, 
Aspect,  EADS  Telecom,  NEC,  Nortel,  Rockwell  and 
Siemens  offer  TDM  or  IP- 
based  solutions,  and 
migration  paths  between 
them.  These  vendors 
offer  “transport  neutral” 
applications.  The  call 
center  server  applica¬ 
tions  work  equally  well 
with  an  IP  or  TDM  (or 
hybrid)  platform,  letting 
customers  choose  their 
transport  preference  and 
migrate  without  chang¬ 
ing  applications. 

Call  center  application 
suites  such  as  Genesys 
and  Interactive  Intel¬ 
ligence  work  with  TDM  or 
IP  switching  on  a  variety 
of  platforms. 

IP-centric  vendors, 
such  as  Cisco  and 
Nuasis,  offer  IP  solutions 
only.  They  say  anything 
short  of  a  pure  IP 
approach  compromises 
the  application  opportu¬ 
nities  and  corresponding 
benefits  that  IP  enables, 
while  also  offering  a 
migration  path  for  those 
with  TDM  sites  today. 

Interactive  Intelligence 
and  Nuasis  also  offer  a 
suite  of  bundled  applica¬ 
tions  that  bring  the  bene¬ 
fits  of  simpler  implemen¬ 
tation  of  CTI  and  multi- 
media  capabilities,  for 
example. 

Hosted  solutions  are 
another  option  promoted 
by  companies  such  as 
CosmoCom  and  Tele- 
phony@Work. 


Contact 
center  cost 
savings 

The  key  application 
opportunities  for  IP 
contact  centers: 

•  Large,  multisite 
environments  are 

moving  away  from  com¬ 
plex  network  and  CTI- 
based  routing  to  more 
centralized  call  routing 
over  an  IP  network. 
They  achieve  savings  in 
network  costs,  and  in 
the  costs  of  maintain¬ 
ing  and  running  the  call 
routing  solutions  them¬ 
selves.  They  also  save 
on  applications  that 
were  deployed  previ¬ 
ously  on  a  per-site 
basis. 

•  Home  agents  that 

connect  over  a  VPN  or 
run  digital  sets  over  IP 
with  a  fallback  to  the 
PSTN.  Tower  Travel  in 
Chicago  cut  the  cost  per 
remote  agent  from  $560 
per  month  to  $50  per 
month  by  setting  up 
people  in  their  homes 
rather  than  paying  real 
estate  costs. 

•  Satellite  offices 

that  provide  additional 
locations  for  call  center 
staff  and  additional 
labor  to  tap  into  for 
peaks,  disaster  recov¬ 
ery  .or  other  needs. 
These  sites  can  survive 
the  loss  of  the  main 
location  platform  and 
also  can  have  local 
trunking.  Many  banks 
and  credit  unions  are 
implementing  this  ap¬ 
proach  using  IP. 


The  HP  ProLiant  DL380  G3  gives  you  true  high  performance  at  a  truly  affordable  price,  while  our  Intel®  Xeon™  processor- 

powered  HP  ProLiant  DL380  G3  server  certainly  offers  blazing  performance,  the  engineers  behind  it  would  challenge  you  to  rethink  the  definition  of 
performance  entirely.  Consider,  for  example,  what  happens  when  you  need  to  add  a  storage  device  to  a  typical  server— -the  server  must  be  powered 
down,  and  your  productivity  drops  to  zero.  This  fact  led  us  to  design  hot-pluggable  technology  on  the  DL380  that  allows  you  to  swap  out  a  number  of 
key  server  components,  including  the  reliable  and  efficient  HP  DAT  7 2h  tape  backup  solution  without  ever  interrupting  server  operation.  The  DL380  and 
DAT72h  also  feature  space-saving  designs,  and  server  management  is  easy  yet  robust  thanks  to  our  ProLiant  Essentials  Software.  Demand  more  uptime 
and  more  real  performance  from  a  server.  And  demand  more  value,  from  HP. 


HP  ProLiant  DL380 
G3  SERVER 


$3,018 

One  Intel®  Xeon™  processor  3.06GHz  with 
512KB  cache  (upgradable  to  2  x  3.20GHz) 

1GB  PC2100DDR  SDRAM  (12GB  maximum)' 

Integrated  Lights-Out  (iLO) 
management  (standard) 

ServerWorks  GC-LE  Chipset 

Integrated  Smart  Array  5i  Plus  Controller 

Three  available  PCI-X  slots  (2  hot  pluggable) 

Two  NC7781  PCI-X  Gigabit  NICs  (embedded) 


Enhance  your  system. 


HP  STORAGEWORKS  DAT  72h 

HOT-PLUG  TAPE  DRIVE 

—  Industry-standard  DDS  technology 

—  Up  to  36GB  native  capacity  on  a  single 
tape,  72GB  at  2:1  compression* 

—  HP  StorageWorks  One-Button  Disaster 
Recovery  (OBDR)  restores  your  entire 
system  at  the  touch  of  a  button 

—  Up  to  3MB/s  native  data  transfer  rate, 
6MB/s  with  2:1  compression 

$1,349 

(after  $150  instant  savings)* 


'HP  StorageWorks  DAT  72h  offer  good  through  5/31/04. 


BUY  NOW 

Click  www.hp.com/go/proliantesg9 

Call  Toll  Free 

1-888-225-7535 


Reductions  taken  at  time  of  purchase.  *HP  StorageWorks  DAT  72h  hot-plug  tape  drive  offer  ends  5/31/04.  Other  restrictions  may  apply.  Prices  shown  are  HP  direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  include  applicable  state  and  local  taxes  or  shipping  to  recipient's 
address.  Umited  order  quantities.  Offers  cannot  be  combined  with  any  other  offer  or  discount  and  are  good  while  supplies  Iasi  Promotions  void  where  prohibited  or  restricted  by  law.  HP  reserves  the  right  to  modify  or  withdraw  these  promotions  at  any  time.  HPFSC  reserves  the  right  to  diange  or  cancel  this  program  at 
any  time  without  notice  Tor  hard  drives,  GB=billion  bytes.  All  featured  offers  available  in  U.S.  only.  Intel,  Intel  Inside,  the  Intel  Inside  logo  and  Intel  Xeon  are  trademaiks  or  registered  trademarks  of  Intel  Corporation  or  its  subsidiaries  in  the  U.S.  and  other  countries.  ©2004  Hewlett-Packard  Development  Company,  LP. 
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Cisco’s  MDS  9509 


Director  SAN  switch  gets  top  ratings  in 
management  and  feature  columns 


Cm  BY  RANDALL  BIRDSALL  AND  EDWIN  MIER,  NETWORK  WORLD  LAB  ALLIANCE 

iscos  done  it  again. Packed  with  1 12  ports  of  2G  bit/sec  Fibre  Channel, the 
latest  version  of  Cisco’s  MDS  9509  delivers  a  feature  set,  management 
interface  and  performance  that  earned  it  our  Clear  Choice  designation. 


We  first  viewed  this  Cisco  storage-area 
network  switch  early  last  year  (see 
www.nwfusion.com,  DocFinder  1824). 
The  latest  software  (Version  1 .3(3))  sup¬ 
ports  new  quality-of-service  (QoS)  traffic 
classes  and  routing  between  virtual  SAN 
(VSAN)  groups.  Additionally,  new  option¬ 
al  modules  deliver  storage  virtualization 
and  caching  capabilities.  The  switch 
hardware  base  is  the  same  and  earned  it 
a  near-perfect  performance  score, 
although  this  rating  dipped  a  bit  because 
this  round  of  testing  was  more  extensive 
and  a  tad  more  critical. 

The  9509  remains  a  top  performer  in 
our  high-end  SAN  switch  tests.  Cisco 
showed  up,  and  all  the  other  SAN  switch 
marketplace  leaders  —  including 
Brocade  Communications  and  McData 
—  stayed  at  home,  in  spite  of  our  invita¬ 
tion  to  compete  head-to-head  with 
Cisco.  Brocade  and  McData  hinted  at 
major  new  director-class  architectures 


Net  Results 


Cisco  MDS  9509 


Company:  Cisco,  www.cisco.com  Cost: 
$2,900  per  port,  for  chassis  fully  loaded  with 
two  supervisor  modules  and  all  16-port,  2G 
bit/sec  Fibre  Channel  modules  and  SPFs 
(per-port  transmit/ 
receive  components). 
Pros:  Superb 
[  management;  richly 
featured;  the  best 
performing  SAN  switch  tested  to  date. 
Cons:  Per-port  price  is  high;  throughput 
degrades  under  torturous  “full-mesh"  load 
test  with  all  minimal-sized  packets. 


NetworkWorld 


The  breakdown 


Management  30% 


Features  25% 


Performance  25%  4.5 


Architecture  20%  4 
TOTAL  SCORE  4.7 


Scoring  Key:  5:  e  xceptional;  4:  Very  good:  3: 
Average;  2:  Below  average:  1:  Consistently 
subpar 


due  out  in  the  coming  months,  and 
we’ll  test  them  when  they  deliver  their 
new  versions. 

The  9509  supports  an  array  of  interface 
modules.  Up  to  seven  hot-swappable  line 
cards  can  be  any  mixture  of  16-  or  32- 
port,  2G  bit/sec  Fibre  Channel  Switching 
Modules.  Then  there’s  an  eight-port 
Gigabit  Ethernet  IP  Storage  Module, 
which  lets  users  directly  integrate  popu¬ 
lar  storage-over-IP  connections  with  the 
Fibre  Channel  fabric.  The  module  sup¬ 
ports  both  iSCSI  and  Fibre  Channel-over- 
IP  links.  This  connectivity  and  conver¬ 
sion  was  not  verified  in  the  testing. 

The  Cisco  switch  also  delivers  the  sur¬ 
vivability  users  expect  at  the  core  of  their 
SAN  fabric.  Each  9509  ships  with  redun¬ 
dant,  hot-swappable  management/ 
fabric-control  cards,  called  supervisors, 
and  redundant  power  supplies. 

There’s  nothing  quite  like  a  good  com¬ 
mand-line  interface  (CLI)  to  manage  a 
Cisco  network  device,  unless  there  is  an 
even  better  GUI.  The  9509  has  both.  The 
CLI  has  the  standard  Cisco  IOS  look  and 
feel.  And  the  GUI  delivers  effective  cen¬ 
tral  management,  featuring  dynamic 
topology  mapping. 

The  Cisco  Fabric  Manager  GUI  is 
impressive.  Extensive  configuration  capa¬ 
bilities  are  accessible,  which  is  helpful 
because  these  capabilities  can  seem 
imposing  to  a  first-time  user.  The  main 
GUI  screen  offers  a  directory  tree  on  the 
left  side  for  selecting  the  management 
topic,  an  auto-discovered  fabric  topology 
map  on  the  right.  Multiple  tables  for  con¬ 
figuration  and  statistics  are  accessed 
through  tabs  at  the  top. 

Most  impressive  is  the  copy-and-paste 
configuration,  which  lets  the  user  select 
any  configured  switch  and  apply  all  the 
same  settings  to  any  other  switch. 
Locating  particular  devices  or  links  also 
has  been  simplified:  If  the  IP  address  of  a 
switch  or  label  of  an  inter-switch  link 
(ISL)  is  not  enough,  you  can  select  the 
component  you  want  from  a  configura¬ 
tion  table,  and  its  image  is  highlighted 
instantly  in  the  fabric  topology  map. 

The  Fabric  Manager  also  can  readily 
push  new  software  images  out  onto  one 
or  a  group  of  switches.  And  we  con- 


How  We  Did  It 


Spirent  Communications  provided  all  the  performance  testing  equipment  we 
used.  We  employed  five  SmartBits  SMB-6000B  chassis,  fully  populated  with 
FBC-3602A  1G  and  2G-bit/sec  Fibre  Channel  modules.  Spirent’s  SmartFabric 
test  application,  Version  1.31,  provided  port-by-port  results. 

Cisco  submitted  an  MDS  9509  switch  populated  with  two  DS-X9530-SF1-K9 
Supervisor  1  cards  running  firmware  Version  1.3(3)  and  seven  DS-X9016, 16-port  1G 
and  2G  bit/sec  Fibre  Channel  cards. 

All  tests  were  run  for  30  seconds  using  small  (60-byte)  and  large  (2,148-byte) 
frames  at  100%  load  and  were  repeated  several  times  to  note  variability.  Latency 
was  measured  while  applying  less  than  maximum  loads. 

With  the  high-stress,  full-mesh  throughput  test,  we  configured  the  112  SmartBits 
ports  to  send  frames  to,  and  receive  from,  each  other  port. 

In  the  reboot,  we  cut  off  and  restored  power  to  see  how  quickly  it  could  resume 
normal  operation. 

To  test  non-disruptive  code  load,  we  did  a  full-mesh  test  of  large  frames  across 
all  112  ports.  A  code  load  sequence  was  initiated  and  completed  while  the  traffic 
flows  continued. 

A  fabric  failure  was  simulated  during  a  full-mesh  test  by  removing  the  active 
Supervisor  module  while  traffic  was  passing. 


firmed  that  new  code  could  be  loaded 
and  activated  under  full  operational  load 
—  without  dropping  a  bit. 

The  9509  brings  a  smorgasbord  of  fea¬ 
tures  to  the  table. 

Consider  the  capabilities  offered  for 
Fibre  Channel  diagnostics.  The  9509 
includes  a  built-in  protocol  analyzer,  dri¬ 
ven  from  the  CLI,  for  control  traffic,  which 
is  very  effective  for  diagnosing  Fibre 
Channel  issues. 

Cisco  also  supports  a  mirrored-port 
capability  to  which  frames  between  any 
two  ports  in  the  fabric  can  be  replicated, 
without  disrupting  ongoing  traffic.  Fibre 
Channel  frames  can  be  encapsulated 
into  Ethernet  frames,  using  the  Cisco  Fbrt 
Analyzer  Adapter,  and  captured  in  Tibp- 
cap’  format  —  a  popular  format  for  stor¬ 
ing  packet  traffic.The  resulting  dump  can 
be  analyzed  within  Ethereal,  a  popular 
open  source  analyzer  application,  for 
which  Cisco  has  developed  a  Fibre 
Channel  decode  plug-in. 

Cisco  also  offers  its  proprietary  storage 
equivalent  to  virtual  LANs  (VLAN)  — 
VSANs.VSANs  separate  groups  of  ports 
into  discrete  “virtual  fabrics,”  up  to  1 ,000 
per  switch  .This  isolates  each  VSAN  group 
from  the  disruptive  effects  of  fabric 
reconvergence  that  may  occur  in  an¬ 


other  VSAN.  And, as  with  VLANs,  routing  is 
used  to  forward  frames  between  initiator 
and  target  (SAN  source  and  destination) 
pairs  in  different  VSANs. 

Cisco  has  integrated  VLANs  and  VSANs 
effectively:  The  IP  Storage  Services 
Module,  which  extends  the  SAN  fabric 
into  an  IP  network,  can  map  802.1  lq 
VLAN  tags  to  VSAN  identifiers. 

Cisco  also  offers  an  effective  QoS  solu¬ 
tion  that  uses  a  traffic-distribution  algo¬ 
rithm  and  four  output  queues.  Three 
queues  are  assignable  by  the  user  for  pri¬ 
oritizing  traffic,  while  the  fourth  queue  is 
reserved  for  Fibre  Channel  control  traffic. 

Storage  virtualization  is  a  buzzword  in 
the  SAN  industry  that  implies  storage  vol¬ 
ume  management,  mirroring  and  replica¬ 
tion  across  physical  locations,  which  is 
transparent  to  users  and  applications. 
Cisco  offers  two  specialized  module 
options  that  support  these  virtualization 
functions:  The  Advanced  Services  Mod¬ 
ule,  produced  jointly  with  Veritas 
Software,  and  the  Caching  Services 
Module  (CSM).co-developed  with  IBM. 

Commendable  performance 

Users  seeking  as  close  to  wire-speed 
performance  as  they  can  get,  under  max¬ 
imum  load  on  all  ports,  will  want  to  use 
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o.s'iiy  the  16-port  modules  in  the  9509.That’s 
because  the  32-port  modules  introduce 
oversubscription  —  a  SAN  euphemism  for 
bottlenecks, a  condition  Cisco  documents. 

We  ran  the  switch  through  both  torturous 
and  more  typically  realistic  tests, all  at  100% 
offered  load.  It  performed  nearly  flawlessly 


—  that  is,  delivering  theoretical  maximum 
throughput  —  except  for  a  few  worst-case 
load  scenarios.  For  example,  in  the  full- 
mesh  test  with  a  very  small  frame  size  —  an 
absolutely  worst-case  scenario  —  the 
switch  dropped  to  54%  of  theoretical  line 
rate.  However,  through  every  test,  even  with 


congestion,  the  switch  maintained  fair  and 
evenly  distributed  throughput.  We  noted 
too  that,  in  the  absence  of  congestion,  la¬ 
tency  —  the  time  it  takes  frames  to  move 
through  the  switch  —  ranged  from  10 
microsec  to  250  microsec,  depending  on 
frame  size.This  is  a  normal  and  acceptable 


range,  given  variable-length  frames  travers¬ 
ing  one  or  more  modules  and  the  internal 
switching  fabric. 

The  9509  also  has  a  link-aggregation  fea¬ 
ture.  We  built  a  “port  channel,”  Ciscos  term 
for  a  group  of  aggregated  ISLs  connecting 
two  9509s,  and  we  saw  no  degradation  in 
throughput  across  the  aggregated  switch- 
toswitch  trunk  links, compared  to  the  same 
load  sent  between  ports  on  one  switch. 
When  we  failed  one  of  the  ISLs  in  a  trunk 
group,  the  switches  dutifully  reallocated 
streams  from  the  failed  link  to  the  others  in 
the  group.  The  total  time  for  this  reconver¬ 
gence,  where  throughput  on  affected 
streams  is  temporarily  halted  but  no  data 
was  lost,  was  1 15  millisec. 

To  abuse  the  switch,  we  pulled  the  active 
supervisor  module  and  tried  upgrading  the 
software  with  all  112  ports  transferring  SAN 
traffic  over  12,432  unique  flows.  Neither 
condition  had  any  degrading  effect  on 
throughput  performance  because  of  the 
failover  redundancy  of  the  two  supervisors. 
Boot  time  after  a  power  failure  was  a  very 
respectable  2  minutes,  32  seconds. 

Cisco  also  provides  an  abundance  of 
security  features  for  its  management  and 
the  SAN  fabric. With  the  use  of  a  RADIUS  or 
Tacacs+  authentication  servers,  administra¬ 
tors  can  be  assigned  very  tailorable  access 
and  configuration  rights. 

Additionally  IP-based  Access  Control  Lists 
can  be  applied  to  management  access, 
whether  the  administrator  is  accessing  via 
an  Ethernet  management  interface  (out-of- 
band)  or  from  another  switch  using  IP  over 
Fibre  Channel  (in-band). 

What’s  more,  all  management  traffic  is 
encrypted  —  using  SNMPv3  for  the  GUI, 
Secure  Shell  for  the  CLI  and  secure  file 
transfer  for  moving  files  to  and  from  the 
supervisor. 

The  SAN  fabric  itself  is  secured  through 
hardware-enforced  zoning,  which  is  per¬ 
formed  at  ingress,  read-only  zones,  fixed 
port  types  and  device  authentication  via 
the  Fibre  Channel  Security  Protocol. 

The  9505  is  a  powerful  director-class  SAN 
switch  that  sets  a  high  bar  for  the  industry 
in  terms  of  features  and  management. 
While  we  can’t  call  it  perfect,  we  can  say  it’s 
the  one  the  competition  has  to  beat. 

Birdsall  is  a  senior  test  engineer  for, 
and  Mier  is  a  network  technologist,  consul¬ 
tant  and  founder  of,  Miercom,  a  network 
consultancy  and  product  test  center  in 
Cranbury,  N.J.  They  can  be  reached  at 
rbirdsall@miercom.com  and  ed@mier. 
com,  respectively. 


keep  your  network  secure  with 
SSfclv2,  SNMPv3,  TACACS? 


transport  gigabits 
of  data  over  fiber? 

(multimode  up  to  2km?) 


deploy  802. 3AH 
Ethernet  services? 


Deploy  Ethernet  services 

to  your  business  customers  with 
MRV's  wide  range  of  Ethernet 
Service  Demarcation  products. 


Transport  gigabits  of  data 

with  MRV's  WDM  solutions. 

Plus,  extend  the  life  of  your  fiber  with 
our  broad  line  of  media  converters. 


Keep  your  network  secure 

with  MRV’s  secure,  remote  console 
and  power  management  solutions. 


MRV  has  been  a  pioneer  in  Ethernet  Access,  Optical  Transport,  and 
Management  &  Control  solutions  for  over  15  years.  World-class 
companies  choose  MRV  for  unlimited  connectivity  options. 
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Turn  to  us  for  your  Connectivity  Unlimited™  needs 
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Spam  and  virus  protection  at  an  affordable  price. 


•  No  per  user  license  fees 

•  Prices  starting  at  $1199 

•  Powerful,  enterprise-class  solution 
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Order  a  free  evaluation  unit  at 
www.barracudanetworks.com 


Aggressive  Reseller  Program 

POWERFUL  EASY  TO  USE  AFFORDABLE  Get  more  info  by  visiting  www.barracudanetworks.com/NI 

or  by  calling  1-888-ANTI-SPAM  or  408-342-5400 


Your  role  is  expanding. 

As  business  infrastructure  moves  to  the  forefront,  your  company 
relies  on  you  to  keep  existing  systems  at  peak  performance  while 
tackling  a  broad  range  of  new  requirements.  Securing  wireless 
networks,  implementing  collaboration  technologies,  improving 
regulatory  compliance,  ensuring  business  continuity — all  while 
doing  more  with  less. 

Enterprise  challenges  demand 
end-to-end  solutions. 

As  networking  and  communications  professionals,  you  need  to 
focus  on  an  end-to-end,  system-wide  approach  when  building 
and  optimizing  your  business  infrastructure: 

»  Security  »  Performance 

»  Wireless  »  Data  Center  and  Storage 

»  Collaboration  and  VoIP  »  Infrastructure  and  Services 


Pre-register  by  May  8th. 

Go  to  INTEROP.com  for  details  and  registration 

Use  Priority  Code:  ADAVZ2ND 


Put  it  all  together. 

Only  NetWorld+Interop  brings  you  the  latest  strategies,  techniques 
and  products  for  every  point  in  your  infrastructure — and  shows 
you  how  they  can  add  up  to  an  integrated,  end-to-end  solution 
that  meets  every  requirement  on  your  list. 

Make  the  connection  at  NetWorld+Interop. 

For  17  years,  NetWorld+Interop  has  helped  networking 
professionals  take  their  enterprises  and  their  careers  to  the  next 
level.  At  NetWorld+Interop  Las  Vegas  2004,  you'll  make  the 
industry's  best  ideas  and  latest  technologies  relevant  to  your 
needs,  and  discover  that  even  the  toughest  networking  challenge 
is  all  in  a  day's  work. 


NETWORLD 

INTEROP 

LAS  VEGAS  •  MAY  9-14,  2004 

EXHIBITION:  MAY  11-13,  2004 

A  MediaLive- 

9  INTERNATIONAL 


Copyright  ©  2004  MediaLive  International.  Inc.,  795  Folsom  Street,  6th  Floor,  San  Francisco,  CA  94107.  All  Rights  Reserved.  MediaLive  International,  Networld,  Interop,  and  associated  design  marks  and  logos  are  trademarks  or 
service  marks  owned  or  used  under  license  by  MediaLive  International,  Inc.,  and  may  be  registered  in  the  United  States  and  other  countries.  Other  names  mentioned  may  be  trademarks  or  service  marks  of  their  respective  owners. 


NetworkWorld  i&j 


■  • 

1  • 


Network 
NP-2000  app 


Collects  useful  network-performance  stats, 
but  user  interface  is  sluggish 

■  BY  BARRY  NANCE,  NETWORK  WORLD  LAB  ALLIANCE 

antasy  league  sports  enthusiasts  use  player  and  team  statistics  as  a  key  factor  in 
knowing  which  players  to  trade  to  gain  an  edge  over  other  enthusiasts.  A  winning  — 
or  losing  —  season  can  often  be  traced  back  to  the  right  —  or  wrong  —  set  of  statis¬ 
tics.  Similarly  useful  network  performance  measurement  depends  on  obtaining  the 
right  statistics. 


We  recently  tested  Network  Physics’ 
NP-2000,  along  with  Version  3.0.4  of  its 
central  console  software.  Its  superior  sta¬ 
tistics,  charts  and  graphics, and  its  ability 
to  relate  business  functions  to  specific 
network  links,  impressed  us.  We  were 
dismayed,  however,  by  its  glacially  slow 
user  interface  and  its  inability  to  moni¬ 
tor  server  CPU,  process,  memory  and 
disk  resources.  We  also  wished  it  auto¬ 
matically  could  resolve  problems  via 
scripts  or  external  programs,  as  some 
monitoring  tools  do. 

The  physical  universe 

The  NP-2000  is  a  complex  tool  for  traf¬ 
fic  analysis,  reporting  and  alerting. 
Listening  passively  via  an  Ethernet  tap 
or  mirrored  switch  port,  it  captures  up  to 
750M  bit/sec  of  network  traffic,  then 
slices  and  dices  the  results  several  ways 


Company:  Network  Physics,  (650)  230- 
0900,  www.networkphysics.com.  Cost: 
$100,000  to  $200,000  for  an  average  initial 
deployment  of  two  to  three  units.  Pros: 
Superior  statistics,  graphs  and  charts; 
relates  business  functions  to  network 
infrastructure  components.  Cons:  Sluggish 
user  interface;  no  server  monitoring;  no 
ability  to  automatically  resolve  problems. 


The  breakdown 

Monitoring  20% 


Reporting  20%  ■ 
Ease  of  use  20% 


Notifications  10% 
Corrective  actions  10% 


Documentation  10% 
Installation  10% 
TOTAL  SCORE 


Scoring  Key;  5:  Exceptional;  4:  Very  good;  3: 
Average;  2:  Below  average;  1:  Consistently 
subpar 


to  produce  a  plethora  of  graphs,  charts, 
tables  and  alerts.  The  N  P-2000  s  Traffic 
Group  Table,  one  of  its  principal  reports, 
shows  inbound  and  outbound  traffic 
levels,  both  in  megabit-per-second  and 
total  volume.  Another  report  displays  a 
multi-metric  time  series  chart. 

We  could  tell  the  NP-2000  to  group  the 
Traffic  Group  Table  information  by  IP 
protocol,  IP  address,  total  traffic  levels  or 
one  of  several  other  options.  The  Busi¬ 
ness  Group  feature  let  us  associate  a 
cost  center,  business  function  or  com¬ 
pany  department  with  one  or  more  IP 
addresses.  We  then  hierarchically  linked 
those  business  groups.  At  our  option,  the 
NP-2000  organized  its  reports,  such  as 
the  Traffic  Group  Table,  by  Business 
Group  and  Business  Group  Link. 
Simulating  a  portion  of  a  large  insur¬ 
ance  company,  we  set  up  actuarial, 
agency  administration,  claims  and  col¬ 
lections  groups,  each  with  a  set  of  IP 
addresses.  Impressively  the  NP-2000  let 
us  indicate  the  sharing  of  an  IP  address 
among  the  agency  administration  and 
claims  groups. 

The  appliance  generates  alerts  when 
it  detects  a  traffic  condition  that  crosses 
a  user-defined  threshold.The  traffic  con¬ 
dition  might  be  inbound  or  outbound 
Packet  Throughput,  Packet  Traffic,  Total 
Throughput  or  Total  Traffic  greater  than 
a  specified  value,  such  as  50M  bit/sec. 
The  NP-2000  distinguishes  between 
three  levels  of  alerts:  minor,  major  and 
critical. 

For  the  error  conditions  we  created 
in  the  lab,  the  unit  logged  the  errors 
and,  optionally,  sent  us  e-mail  notes 
and  issued  SNMP  alerts.  However,  the 
NP-2000  lacks  the  ability  to  perform 
corrective  actions,  such  as  sending  a 
port  reset  command  to  a  switch  or 
telling  a  server  to  reboot. 

Several  other  monitoring  tools  offer 
this  feature.  Furthermore,  the  NP-2000 
included  alert  thresholds  that  related 
to  increases  in  specific  types  of  net¬ 
work  activity.  When  a  decrease 
occurred  in  our  tests  —  such  as  an 
outage  —  the  NP-2000  ignored  the 


The  NP-2000  displays  a  wealth  of  metrics  and  network  details,  organized  by  business  func¬ 
tion,  protocol  or  other  criterion. 


error  situation. 

Understanding  some  of  the  NP-2000’s 
statistics  might  require  some  extra 
study  of  network  technologies.  For 
example,  the  NP-2000  defines  Server 
Reset  Rate  as  the  number  of  TCP  ses¬ 
sions  terminated  with  a  TCP  reset  by  a 
server  per  second  over  the  selected 
time  interval.  Similarly,  it  defines 
Connection  Request  Rate  as  the  num¬ 
ber  of  attempted  TCP  connections  per 
second  over  the  selected  time  interval, 
with  an  attempted  connection  occur¬ 
ring  when  the  client  sends  a  TCP  SYN 
request  to  the  server,  regardless  of 
whether  the  server  responds.  (Both 
these  statistics  relate  to  traffic  manage¬ 
ment.  An  unusually  high  Connection 
Request  Rate,  for  instance,  might  signal 
the  onset  of  a  denial-of-service  attack.) 

Ease  of  use 

The  NP-2000’s  primary  interface,  which 
you  download  from  within  the  appli¬ 
ance,  is  a  Java-based  central  manage¬ 
ment  console  for  configuring  and  view¬ 


ing  statistics,  charts,  graphs  and  reports. 
The  unit  also  has  a  Web  server  that  emits 
browser  pages  for  viewing  some  (but 
not  all)  reports  and  performing  some 
basic  configuration  tasks.  A  one-time- 
use  serial  port  ASCII  terminal  interface 
lets  you  assign  the  unit  an  IP  address  at 
installation  time. 

Unfortunately,  all  too  often  we  found 
the  management  console  interminably 
sluggish,  and  so  almost  unusable.  While 
drilling  down  through  the  Traffic  Group 
Table  window’s  IP  addresses,  we  experi¬ 
enced  delays  from  40  seconds  to  nearly 
5  minutes  before  the  table  displayed  the 
sub-items  for  the  entry  we  were  expand¬ 
ing.  Clicking  ahead  to  indicate  the  next 
table  entries  we  wanted  didn’t  work, 
because  the  console  didn’t  keep  up 
with  our  selections. 

Similarly,  clicking  the  Update  toolbar 
item  caused  the  status  message 
“Accessing Top  Group  Data  ...”to  appear, 
and  the  console  became  unresponsive, 
with  no  hourglass  cursor,  for  nearly  3 
See  Network  Physics,  page  81 
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minutes. When  we  asked  the  vendor  about 
this,  we  learned  the  software  performs 
database  queries  and  sometimes  per¬ 
forms  DNS  lookups  when  a  user  clicks  on 
Traffic  Group  Table  entries. 

Moreover,  after  minimizing  and  then 
restoring  the  console  window,  it  would 
sometimes  come  up  empty,  appearing 
completely  gray  with  no  menus,  no  interi¬ 
or  windows  and  no  response  to  key¬ 
presses  and  mouse  clicks.  Wed  have  to  tell 
Windows  to  kill  the  task.  We  were  also  dis¬ 
appointed  the  software  did  not  let  us  cre¬ 
ate  a  new  “adaptive  alert,”  defined  by 
Network  Physics  as  a  threshold  exceeded 
by  the  moving  average  of  the  metric  value 
over  the  latest  time  interval,  known  as  the 
time  window. 

Installing  the  NP-2000  and  its  console 
software  was  straightforward.  The  docu¬ 
mentation  consists  of  Adobe  Acrobat  PDF 
files, online  help  and  a  brief, printed  instal- 


P 


How  We  Did  It 


We  installed  the  NP-2000  ma¬ 
chine  on  our  lab's  six-seg¬ 
ment  Fast  Ethernet  network. 
Each  segment  consists  of  a  server 
and  25  clients,  all  connected  to  the 
Internet  viaT-1  and  frame  relay  lines. 
To  access  the  NP-2000's  Web-based 
reports  interface,  we  used  Internet 
Explorer  6.0.  We  ran  the  unit’s  cen¬ 
tral  console  software  on  Java  Run¬ 
time  Environment  1.4.2,  running  in 
turn  on  Windows  2000  Advanced 
Server  on  a  Compaq  Proliant  ML570 
containing  four  900-MHz  CPUs,  2G 
bytes  of  RAM  and  135G  bytes  of  fast 
SCSI  disks. 


\M  Lab  Alliance 


Nance  also  is  a  member  of  the  Network 
World  Lab  Alliance,  a  cooperative  of  the  pre¬ 
mier  reviewers  in  the  network  industry,  each 
bringing  to  bear  years  of  practical  experi¬ 
ence  on  every  review.  For  more  Lab  Alliance 
information,  including  what  it  takes  to  be¬ 
come  a  partner,  go  to  www.nwfusion.com/ 
alliance. 

Other  members:  Mandy  Andress,  ArcSec; 
John  Bass,  Centennial  Networking  Labs, 
North  Carolina  State  University:  Travis 
Berkley,  University  of  Kansas:  Jeffrey  Fritz, 
University  of  California,  San  Francisco; 
James  Gaskin,  Gaskin  Computing  Services; 
Greg  Goddard,  EDS;  Thomas  Henderson, 
ExtremeLabs;  Miercom,  network  consultancy 
and  product  test  center;  Christine  Perey, 
Perey  Research  &  Consulting;  Thomas 
Powell,  PINT.  David  Newman,  Network  Test; 
Joel  Snyder,  Opus  One;  Rodney  Thayer, 
Canola  &  Jones. 


lation  manual. 

The  NP-2000  uses  moving  averages,  stan¬ 
dard  deviations  and  other  quantifications 
to  produce  a  wealth  of  charts,  graphs  and 
tables  to  help  you  manage  your  network.  It 
could  be  a  statistics  lover’s  dream  —  and 
we’d  recommend  it  wholeheartedly  —  if  it 


was  more  responsive,  had  a  corrective 
action  feature  and  gathered  performance 
metrics  from  servers. 


Programming.  His  e-moil  address  is 
barryn@erols.  corn. 


Nance  runs  Network  Testing  Labs  and  is 
the  author  of  Introduction  to  Networking, 
4th  Edition  and  Client/Server  LAN 
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Are  you  ready  for  this? 


Zultys  introduces  the  most  functional  IP  phone  you  can 
buy.  It  integrates  the  functions  of  a  switch  and  router 
with  a  business  phone,  and  adds  functionality  for  the 
remote  worker. 


Delivering  all  of  the  telephony  features  that  businesses 
require,  the  ZIP 4x5  adds  networking  functionality, 
Bluetooth  wireless,  and  voice  activated  dialing.  The  “4x5” 
in  the  name  refers  to  4  call  appearances  and  5  ports. 

Three  ports  connect  to  Ethernet  devices  and  one  connects 
to  your  broadband  modem.  The  fifth  port  provides  an 
analog  connection  to  the  PSTN  (for  local  and  emergency 
calls). 


The  phone  provides  VPN  access,  a  firewall  with  NAT,  a 
switcn,  and  a  router — all  without  additional  devices. 
Powerful,  yet  simple  to  install  and  deploy,  the  ZIP4x5  is 
perfect  for  the  remote  worker.  It's  1 00%  based  on  open 
standards,  making  it  compatible  with  any  IP  phone 
system  using  SIP. 


Call  us  today  and  learn  how 
you  can  benefit  from  the 
features  and  functionality 
of  the  converged 
products  from 
Zultys  Technologies 
the  leader  in 
VoIP  solutions. 
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Zultys  Technologies 

771  Vaqueros  Avenue 
Sunnyvale,  CA  94085 
USA 

Tel: +  1-408-328-0450 
Fax:+1-408-328-0451 
Email:  zultys@zultys.com 
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The  Application  Networking  Company 

Array  Networks,  Inc. 

SP  7.0 

Array  Networks,  the  leader  in  application  networking,  offers  massive¬ 
ly  scalable  networking  appliances  that  provide  breakthrough  applica¬ 
tion  acceleration  and  multi-layered  security  to  application  infrastruc¬ 
ture.  Our  enterprise/server  class  SSL,  VPN  and  application  accelera¬ 
tion  products  securely  extend  the  network  and  enhance  application 
performance  by  intelligent  integration. 

(866)  MY-ARRAY  or  (408)  378-6800  •  www.arraynetworks.net 
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CITADEL' 

SECURITY  SOFTWARE 

Citadel  Security  Software  Inc. 

Hercules® 

Citadel  Security  Software,  a  leader  in  vulnerability  management 
solutions  through  automated  vulnerability  remediation  and  policy 
enforcement,  helps  enterprises  effectively  neutralize  security  vulner¬ 
abilities.  Citadel’s  Hercules®  technology  provides  users  with  full  con¬ 
trol  over  the  automated  remediation  process,  enabling  prioritization 
and  resolution  of  vulnerabilities  and  enforcement  of  security  policies. 
For  more  information,  visit  www.citadel.com. 

(214)  520-9292  •  www.citadel.com 


Digital  V6  Corp. 

Kaveman  1/8/16  Channel  Unit 

Digital  V6  specializes  in  developing  network  management  solutions 
for  mission  critical  IT  environments.  Its  Kaveman  family  of  products, 
consisting  of  1,  8  and  16  channel  configurations,  provides  remote 
control  to  servers  and  serial  devices  via  IP.  Kaveman  offers  complete 
control  with  BIOS  level  access  and  remote  power  cycling  ability.  With 
no  additional  software  or  hardware  required,  Kaveman  is  the  most 
cost-effective  and  non-intrusive  remote  KVM  solution  available. 

(866)  922-2333  •  www.digitalv6.com 
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Equinox 

CCM840,  CCM1640  and  CCM4850 

Equinox,  an  Avocent  Company,  is  the  leading  serial  connectivity 
provider  of  high-speed  serial  communications  and  port  management. 
Our  secure  console  management  over  IP  products  offer  secure 
in-band  and  out-of-band  connections  to  console  ports  of  servers  and 
serially  managed  devices.  CCM  appliances  are  available  in  8,  16  and 
48-port  models. 

(954)  746-9000  •  www.equinox.com 
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Executive  Software 

Sitekeeper® 

Executive  Software  is  the  manufacturer  of  SITEKEEPER  3.1,  the 
affordable,  easy-to-use  systems  management  software  that  handles 
inventory,  license  compliance  reporting,  and  remote  deployment 
of  software,  updates  and  patches.  Sitekeeper  can  even  zero  in 
on  machines  that  are  missing  critical  patches  or  service  packs. 

For  free  30  day  trialware,  visit  www.executive.com/nwskHOT. 

(800)  829-6468  ext.  4278  or  (818)  771-1600  ext.  4278 
www.executive.com/hot 
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F5  Networks 

BIG-IP  Application  Traffic  Management  and 
FirePass  Secure  Remote  Access 

F5  Networks  keeps  IP-based  traffic  flowing  and  business  information 
always  available  to  any  user  from  any  device,  anywhere  in  the  world. 
Our  products  ensure  secure  and  reliable  access  to  servers  and  the 
applications  that  run  on  them.  F5  also  provides  tools  to  automate 
communications  between  applications  and  the  network,  eliminating 
tedious,  manual  processes. 

(206)  272-5555  •  www.f5.com 
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FORumsystEm s 

Forum  Systems,  Inc. 

XWall™  Web  Services  Firewall,  Version  3.0 

Forum  Systems,  Inc.  is  the  leader  in  Web  services  security  with  a 
comprehensive  suite  of  trust  management  and  threat  protection 
solutions  for  the  automated  web.  The  award-winning  Forum  Sentry™, 
Forum  XWall™  and  Forum  Presidio™  are  flexible  hardware,  software 
and  embedded  products  that  actively  protect  Web  services  from  the 
networks  edge  to  the  application  server. 

(801)  313-4400  •  www.forumsys.com 
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Foundry  Networks 


Foundry  Networks  provides  high-performance  enterprise  and  service 
provider  switching  and  routing  network  solutions  including  Layer 
2/3  switches,  Layer  3  switches.  Layer  4-7  Web  switches  and  Metro 
Routers.  Foundry  Networks  serves  5,800+  customers  worldwide 
including  China  Telecom,  Deutsche  Bank,  University  of  Miami,  and 
U.S.  Armed  Forces. 

(408)  586-1700  or  (888)  TURBOLAN  •  www.foundrynetworks.com 


fflfcrick 

Hotbrick  Network  Solutions 

Hotbrick 

HotBrick  Network  Solutions,  a  leading  provider  of  network  security 
solutions  for  small  and  medium-size  enterprises  (SME).  HotBrick’s 
current  line  is  comprised  of  dual  WAN  firewalls  with  features  such  as 
stateful  packet  inspection,  intrusion  detection,  intrusion  prevention, 
VPN,  VLAN  and  content  filtering.  The  new  product  line  will  include 
switches,  SOHO  firewall  routers  and  enterprise  firewalls. 

(305)  398-0888  •  www.hotbrick.com 
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iPass  Inc. 

iPass  Corporate  Access  Service 

iPass  delivers  enterprises  simple,  secure  and  manageable  connectivi¬ 
ty  services  for  mobile  workers  as  they  move  between  office,  home, 
and  remote  locations.  iPass  combines  its  global  network  of  dial-up, 
Ethernet  and  the  world’s  largest  Wi-Fi  footprint  with  support  for 
campus  wireless  LANs  and  home  broadband  connections  to  deliver 
a  unified  and  comprehensive  solution. 

(650)  232-4100  •  www.ipass.com 


All  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible.  Network  World  is  not  liable  for  errors  or  omissions. 


IronPort  is  the  e-mail  security  performance  leader,  powering  and 
protecting  the  most  demanding  networks  in  the  world.  IronPort 
Messaging  Gateway™  appliances  provide  the  first  line  of  e-mail 
defense  combining  anti-spam,  anti-virus,  content  scanning,  sender 
identity  and  reputation,  and  mail  flow  monitoring. 

IronPort.  Rebuilding  the  World’s  Email  Infrastructure. 

(650)  989-6530  •  www.ironport.com/future 
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Network  Instruments,  LLC 

Observer 

Network  Instruments  is  the  leading  developer  of  network  manage¬ 
ment,  analysis  and  troubleshooting  solutions.  The  Observer  family 
of  products  combines  a  comprehensive  management  console  with 
high-performance  Probes  to  provide  monitoring  for  the  entire  net¬ 
work  (LAN,  802.1 1  a/b/g.  Gigabit,  WAN).  Founded  in  1994,  Network 
Instruments  has  offices  throughout  the  world  and  distributors  in 
over  50  countries. 

(800)  826-7919  or  (952)  932-9899  •  www.networkinstruments.com 


OpenNetwork. 

OpenNetwork  Technologies 

Universal  IdP 

OpenNetwork  provides  end-to-end  identity  management  solutions 
that  build  on  companies’  Microsoft-based  technology  infrastructures 
and  extend  them  to  more  efficiently  secure  and  manage  multi¬ 
platform  IT  environments.  Its  Universal  IdP  software  simplifies 
administration  of  user  identities  and  privileges,  letting  you  deliver 
more  services  with  less  administrative  burden  and  at  lower  costs. 
(727)  561-9500  •  www.opennetwork.com 


i RITTAL 

Rittal  Corporation 

Server  and  Networking  Cabinets  and  Accessories 


BOOTH 
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ERJH 

NETWORK  HARDWARE  RESALE 
Network  Hardware  Resale 

We  buy  and  sell  USED  CISCO,  Juniper,  and  Extreme  routers.  Network 
Hardware  Resale,  the  world’s  largest  supplier  of  Used  Cisco, 
offers  50-90%  off  Cisco  Global  list  prices.  If  you  have  equipment 
to  sell,  or  would  like  a  price  on  refurbished  hardware,  contact  us 
at  sales@networkhardware.com. 

(800)451-3407  •  www.networkhardware.com 


Rittal  provides  enclosure  solutions  for  IT  applications,  bringing 
experience  to  designing  smart,  cost  efficient  IT  solutions.  Products 
include  network  and  server  cabinets,  thermal,  power  and  cable 
management,  monitoring  and  security.  From  our  adaptable  TS8 
server  rack,  to  our  innovative  liquid  cooling,  Rittal  products  are 
engineered  to  address  challenges  in  today’s  IT  environments. 

(800)  477-4000  •  www.rittal-corp.com 


Alt  efforts  have  been  made  to  make  this  listing  as  complete  and  accurate  as  possible.  Network  World  is  not  liable  for  errors  or  omissions. 
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Rose  Electronics 

UltraMatrix  Remote 


The  UltraMatrix  Remote  is  a  powerful  product  that  extends  the 
range  and  scope  of  your  user  stations  to  control  your  servers 
around  the  office,  around  the  country  and  around  the  world.  With 
its  superior  quality,  robust  feature  set,  durability,  expandability, 
and  free  life-time  firmware  upgrades,  the  UltraMatrix  Remote  is 
an  outstanding  value  for  IT  departments. 

(800)  333-9343  or  (281)  933-7673  •  www.rose.com 


BOOTH 
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StarTech.com 


StarTech.com 

Server  Remote  Control 


StarTech.com  is  the  professionals’  source  for  server  management 
solutions  including  KVM  switches  and  rack  cabinets.  StarTech.com’s 
“Server  Remote  Control”  is  a  new  KVM  control  over  IP  product  with 
exclusive  Virtual  Drive  Technology  that  allows  users  to  update 
or  install  software  on  remote  servers  from  anywhere  in  the  world 
over  IP. 

(888)  720-0205  •  www.startech.com 


BOOTH 

762 


////Tarari 


The  Acceleration  Company 


Tarari,  Inc. 

Tarari  RAX  Content  Processor 


Tarari,  Inc.,  winner  of  the  Best  Start-Up  award  at  NetWorld+Interop 
last  year  will  be  showing  a  new  “XML  in  Silicon”  Content  Processor 
that  out  performs  software  by  up  to  200  fold.  Finally,  enterprise 
customers,  ISVs  and  network  vendors  can  achieve  gigabit  XML 
processing  in  near-zero  CPU  time. 

(858)  385-5131  •  www.tarari.com 
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WildPackets 
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WildPackets,  Inc. 

Omni3 


Since  1990,  WildPackets  has  been  advancing  the  science  of  network 
fault  analysis.  From  the  desktop  to  the  datacenter,  from  wireless 
LANs  to  Gigabit  backbones,  on  local  segments  and  across  distributed 
networks,  WildPackets  products  enable  IT  organizations  to  quickly 
find  and  fix  problems  affecting  mission-critical  network  services. 
(800)  466-2447  or  (925)  937-3200  •  www.wildpackets.com 
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Xtore  Extreme  Storage 


Xtore  is  the  global  market  leader  in  delivering  white  box  storage 
systems,  subsystems  and  data  protection  solutions  to  the  OEM 
and  solution  provider  markets.  We  focus  on  powerful,  cost-effective 
network-attached  storage  (NAS),  direct-attached  storage  (DAS), 
and  storage  area  networks  (SAN). 

(626)  581-4433  •  www.xtore-es.com 
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Seattle 

tendon 

Bangalore 

Cape  Town 
Sydney 


Raritan's  Dominion™  KX.  Better  KVM  Over  IP. 


Now  you  can  be  everywhere  you  need  to  be.  Instantly.  Because  now  you  can  access,  diagnose  and  monitor  servers  -  even  the  worst 
server  problems  -  in  any  location  in  the  world  without  ever  leaving  your  chair.  With  Raritan's  19  years  of  innovation  in  the  Data 
Center,  you  now  have  the  newest  and  most  dependable  choice  for  an  integrated  KVM  over  IP  switch:  Dominion  KX.  It's  a  plug-and- 
play  appliance.  It's  incredibly  scalable.  It  works  even  when  your  network  is  down.  And  by  encrypting  all  KVM  data,  including  video, 
KX  provides  the  industry's  most  secure  KVM  over  IP  technology.  It’s  the  KVM  option  that  will  make  other  options  obsolete. 


To  schedule  a  test  drive,  call  1-800-724-8090  x925  or  visit  us  at  www.raritan.com/925 
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The  KX  Digital  KVM  Switch 
is  one  part  of 

RARITAN'S  DOMINION  SERIES 

The  complete  Data  Center 
Management  Solution 


Dominion 


Raritan 


When  you're  ready  to  take  control. 


www.nwfusion.com 
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Management 


■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


Negotiation  know-how 

Minimize  risk  by  delegating  the  job  to  a  skilled  professional  and  establishing  processes  and  procedures. 


■  BY  NANCY  MARKLE 

In  my  experience  working  as  a  CIO  for  several  big  corporations, 
I’ve  learned  that  creating  an  effective  vendor-negotiation  process 
for  everything  from  licensing  models  to  service-level  agreements  is 
critical  to  maintaining  competitive  edge. 

When  I  first  became  CIO  at  Home  Savings  of  America  in  1994, 1  read  contracts  every 
spare  moment,  even  on  the  ferry  on  the  way  to  Catalina  Island  while  the  rest  of  the  pas¬ 
sengers  were  delighting  in  watching  the  dolphins  frolicking  in  the  water. That  is,  until  1 
hired  a  chief  negotiator:  Ken  Horner,  who  is  now  an  executive  vice  president  with 
IndyMac  Bank. 

For  senior  management,  delegating  this  responsibility  to  someone  else  is  not  without 
its  risks.  However,  a  chief  negotiator  who  does  the  job  well  can  get  the  most  out  of  your 
IT  investments. 

Senior  managers  must  have  utmost  faith  in  the  person  or  team  you  designate  to  han¬ 
dle  the  negotiations.  As  a  CIO, I  often  found  that  vendors  attempted  an  end-around  when 
negotiations  didn’t  proceed  in  their  favor. They  would  try  to  contact  me  directly  or  lobby 
my  direct  reports  to  get  involved  on  their  behalf. When  you  put  a  well-trained  and  qual¬ 
ified  person  or  team  in  charge  of  contract  negotiations,  resist  the  urge  to  roll  up  your 
sleeves  and  get  involved. 

But  how  do  you  know  if  you  have  the  right  person  or  team  handling  the  negotiations? 
Good  negotiators  have  done  their  homework,  understand  the  needs  and  scope  of  the 
particular  project  or  technology,  and  can  communicate  both  up  and  down  the  corpo¬ 
rate  ladder. 

When  1  hired  Horner  as  my  chief  negotiator,  the  first  thing  we  did  was  establish  what 
we  both  expected  from  him  and  his  organization;  the  structure  of  his  organization;  and 
what  he  needed  to  do  to  stay  on  top  of  the  vendors.  We  developed  in-house  boilerplate 
language  with  the  attorneys  so  I  didn’t  have  to  review  the  same  contractual  basics,  nor 
did  the  attorneys.  We  also  developed  a  one-page  executive  summary  outline  so  we  had 
the  fundamentals  of  the  contract  readily  available  for  presentation  and  discussion  with 
the  chairman  and/or  the  board. 

The  CEO,  CFO  and  I  agreed  on  governance  issues, such  as  how  much  money  each  man¬ 
agement  level  had  authority  over  and  whom  it  had  to  go  to  if  we  exceeded  that  figure. 

We  also  developed  a  checklist  cover  page  with  approval  levels  and  signature  lines.  For 
example,  if  a  contract  was  for  $10  million  and  I  needed  to  sign  off  on  any  invest¬ 
ments  of  more  than  $1  million,  the  project  manager,  user  project  manager  and 
any  management  between  them  and  me  would  also  have  to  sign  off.  If  the 
contract  or  purchase  involved  a  user  group,  1  had  my  colleague  in  the  user 
group  approve  it,  too. 

Once  the  logistics  are  worked  out,  your  negotiator  or  negotiation 
group  is  free  to  focus  on  execution.  What  follows  are  some  guidelines 
for  how  to  ensure  they  protect  your  company’s  interests. 

1.  Seek  flexibility  and  scalability.  Things  can  and  do  change, so  a 

good  negotiator  will  build  enough  flexibility  into  the  negotiations  to 
help  protect  your  company  from  risk  and  exposure  when  a  technol¬ 
ogy  changes  or  new  opportunities  such  as  VoIP  arise. 

Vendors  often  fail  to  meet  their  promises  regarding  scalability  The 
negotiator  needs  to  make  sure  the  platform  will  work  as  your  organiza¬ 
tional  needs  grow  by  building  into  the  contract  consequences  if  certain  criteria  aren’t 
met, such  as  expected  response  time  when  volumes  increase. 


2.  Play  SO  that  everyone  wins.  One  common  mistake  many  firms  make  is  to  beat  up 
a  vendor  to  get  the  absolute  lowest  price.  If  the  vendor  operates  at  a  loss,  sooner  or 
later  there  will  be  harsh  consequences  for  your  company  especially  if  the  vendor  goes 
out  of  business.  Perhaps  you’ll  be  forced  to  pay  more  for  every  change  to  the  agree¬ 
ment,  or  you’ll  get  the  shaft  on  customer  service  because  another  client  is  paying 
more  for  the  same  thing. 

3.  Take  names  and  numbers.  References  are  a  key  component  of  any  negotiation. 
Along  with  the  standard  supplied  references,  the  negotiator  should  ask  the  vendor  for 
names  of  companies  that  had  challenges  with  the  vendor  (not-so-good  references). 

For  both  good  and  bad  references,  seek  out  other  key  decision-makers,  influencers 
and  end  users  within  those  companies. That  might  mean  talking  to  the  CFO,  project 
manager,  user  or  programmer.  Have  your  respective  project  leaders  and  end  users  par¬ 
ticipate  in  the  reference  checks  by  talking  to  their  counterparts. 

Why  do  it  this  way?  All  involved  will  glean  some  lessons  from  the  other  company’s 
experience  and  mistakes.  And  your  team  will  be  able  to  build  a  trusted  relationship  with 


Get  more  online! 

Make  a  better  telecom  services  deal 
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negotiations,  resist  the  urge  to  roll  up  your 
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Nancy  Markle 

President,  Society  for  Information  Management 


the  reference  company  and  keep  in  touch  as  deployment  challenges  arise,  possibly 
avoiding  costly  missteps.  And  finally,  your  negotiator  will  be  working  from  a  position  of 
strength  by  talking  to  the  reference  company’s  negotiator  and  will  be  better  prepared  to 
work  out  the  best  deal  for  your  company. 

4.  Manage  the  life  Of  the  contract.  Vendor  management  throughout  the  life  cycle  of 
the  contract  is  crucial.  When  organizations  don’t  practice  good  vendor  management,  it 
might  be  very  costly  when  there  is  a  risk  or  problem  discovered  in  the  later  phases. 
Your  employees  need  to  know  when  to  escalate  problems  to  the  corporate  level 
or  direct  reports  if  a  vendor  doesn’t  meet  the  standards  laid  out  in  the  con¬ 
tract.  People  are  often  afraid  to  raise  a  red  flag  because  they  don’t  want  to 
be  blamed. 

Finally,  it’s  critical  to  monitor  the  milestones  set  in  the  contract  to  make 
sure  they’re  being  met,  instead  of  waiting  until  the  contract  comes  back 
up  for  review  two  or  three  years  down  the  road.  By  that  time,  you  might 
have  poured  millions  and  millions  of  dollars  down  the  drain  on  a  project 
or  technology  that  easily  could  have  been  fixed  or  replaced  much  earl¬ 
ier.  That’s  when  all  that  work  the  negotiator  put  into  designing  the  con¬ 
tract  will  pay  off. 


Markle  is  president  of  the  Society  for  information  Management,  a  pro¬ 
fessional  association  in  Chicago  that  provides  resources  and  programs  to 
help  IT  leaders  develop  their  management  skills  and  enhance  their  busi¬ 
ness  knowledge.  She  has  more  than  30  years  of  experience  in  the  IT  and  business  world, 
including  stints  as  CIO  at  Arthur  Andersen  Americas,  Home  Savings  of  America,  Fannie 
Mae  and  Georgia  Power.  She  can  be  reached  at  nmarkle@fielding.edu. 
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Remote  access  &  support 
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NetOp 

RemoteControl 


Control  one  or  more  PCs  at  the  same  time  -  regardless  of  OS. 


Controlling 
your  PC,  or 
assisting  users, 
is  as  close  as 
your  key  chain. 

New  NetOp 
Remote  Control  v7.65  lets  you 
remotely  access  and  support  all  your 
Windows,  Linux,  Mac  OS  X,  and  CE 
Devices  from  a  desktop,  Pocket  PC, 
Internet  connected  PC  or  now  from  a 
USB  Thumb  Drive.  Standardize  on 
award-winning  NetOp  Remote 
Control  for  faster,  more  secure,  remote 
control  and  support.  Take  a  FREE 
test-flight  today. 


©  Copyright  2000-2004  Danware  Data  A/S.  All  rights  reserved.  NetOp  and  the  red  kite  are  registered  trademarks  of  Danware  Data  A/S.  Other  brand  and  product  names  are  trademarks  of  their  respective  holders. 


Control  PCs  from  a 
desktop,  PocketPC, 
Browser  or  USB  Flash 
Drive 


Editor's  Choice 

PC  Professional  -  2004 


Editor's  Choice 

Computerworld  -  2003 


Editor's  Choice 

PC  Magazine  -  2002 


Editor's  Choice 

PC  Direct  -  2001 


Editor's  Choice 

PC  World  -  2000 


Editor's  Choice 

Computer  Reseller  News  -  1999 
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CrossTec 

Corporation 


Toll-free  sales  and  support:  800.675.0729 
Services@CrossTecCorp.com 


www.CrossTecCorp.com 


✓  Building  Firewalls  for  over  1 0  years 

✓  ICSA  4.0  Corporate  Certification' 

✓  5  appliances  to  match  your  network  needs 

✓  Easy,  Flexible  Implementation  Options 

✓  IPSecVPN 

✓  Affordable  pricing 


Global 
Technology 
Associates,  Inc. 


1 -800-77 5-4GTA  •  www.gta.com  •  lnfo@gta.com 


GTA  Firewall  Products 

Tough  Network  Security 


Fingerprint  Authentication  Scanner  Enterprise  KVM  Solutions 

AlterPath™Bio  AlterPath,MKVM 


Advanced  Console  Servers 

AlterPath™ACS 


Network  Management  Gateway  Intelligent  Power  Distribution  Units 

AlterPath™  Manager  AlterPath™PM 


Cyclades'  data  center  management  solutions  offer  a  full  range 
of  security  features  across  its  entire  product  line  of  console  servers, 
power  management,  KVM,  biometric  scanner  and  network  management 
With  SSH  v2,  IP  Filtering,  strong  authentication,  event  logging  and 
data  logging,  Cyclades  can  make  your  network  into  a  secure 
heavyweight  contender  in  the  data  center  world. 


For  a  FREE  white  paper  on  data  center  security,  please  visit  us  at  www.cyclades.com/securitywp 
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www.cyclades.com/nw 

1.888.cyc!ades  •  1.888.292.5233  •  sales@cyclades.com 


cyclades 

Everywhere  with  Linux 


©2004  Cyclades  Corporation.  All  rights  reserved.  All  other  trademarks  and  product  images  are  property  of  their  respective  owners.  Product  information  subject  to  change  without  notice. 


Visit  us  online: 
www.minutemanups.com/nww 


Try  our  UPS  selection  tool 

www.sizemyups.com 


When  the  Power  Goes  Out 
Are  You  Still  Recording? 

Don't  let  your  CCTV  system  or  security  network  go  down  because  the  power  fails. 
Keep  your  Digital  Video  Recorders  (DVRs),  cameras,  and  your  entire  security 
network  up  and  running  during  a  power  failure  with  an  uninterruptible  power  supply 
system  from  MINUTEMAN  UPS. 


Continuous  power  for  rack,  wall,  and  floormount  installations 
Extended  backup  runtime  options  available 
Remote  power  management  options  available 
3-year  warranties  on  most  models  -  the  longest  in  the  industry 


ai 


For  assistance  in  choosing  the  right  MINUTEMAN  UPS  product  for  your  system, 
call  us  at  800.238.7272  or  contact  one  of  our  national  distribution  partners. 
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Rose  Electronics 
10707  Stancliff  Road 
Houston,  Texas  77099 

ROSE  US  +281  933  7673 

ROSE  EUROPE  +44  (0)  1 264  850574 

ROSE  ASIA  +65  6324  2322 

ROSE  AUSTRALIA  +617  3388  1540 


Local  or  Remote  Server  Management  Solutions 


UltraMatrix  Remote" 

REMOTE  MULTIPLE  USER  KVM  MATRIX  SWITCH 
ACCESS  OVER  IP  OR  LOCALLY 


Vista"  &  Vista-Mini 

LOW  COST  SINGLE-USER  KVM  SWITCH 
SUPPORTS  UP  TO  64  COMPUTERS 


'  RackView™ 

KVM  RACK  DRAWER  WITH  KVM  SWITCH  OPTION 


UltraMatrix 


Connects  1000  computers  to  multiple  user  stations  over  IP  or  locally 
High  quality  video  up  to  1280  x  1024 
Scaling,  scrolling,  and  auto-size  features 

Secure  encrypted  operation  with  login  and  computer  access  control 
Advanced  visual  interface  (AVI) 

No  need  to  power  down  servers  to  install 
Free  lifetime  upgrade  of  firmware 
Available  in  several  models 
Easy  to  expand 


E-series 


CrystalView™  Pro  Fiber 

DVD/VGA  DIGITAL  KVM  EXTENDERS  OVER  FIBER 


PROFESSIONAL  MULTI-USER  KVM  SWITCH 
2  -  4  KVM  STATIONS  TO  1,000s  OF  COMPUTERS 


PC  or  multi-platform  (  PC/Unix,  Sun,  Apple,  others) 
Advanced  visual  interface  (AVI) 

Powerful,  expandable,  low  cost 
Easy  to  expand 

No  need  to  power  down  most  servers  to  install 
Security  features  prevent  unauthorized  access 
Free  lifetime  upgrade  of  firmware 
Video  resolution  up  to  1600  x  1280 
Available  in  several  models 


Low  cost  and  easy  to  use 
Saves  physical  space,  equipment  and  power  costs, 
reduces  clutter 

Available  in  two  different  styles 

DB25  connectors,  use  Rose  UltraCable,  supports 
USB 

•  PC  connectors,  use  a  separate  cable  for  keyboard, 
mouse,  and  monitor 

Front  panel  LEDs  show  power  &  connection  status 
Heavy-duty  steel,  fully  shielded  chassis 
Rackmountable 


CrystalView  Cat  5  &  6 
CrystalView  Plus" 

KVM  EXTENDERS  OVER  CAT  5  &  6 


Extend  your  KVM  station  up  to  1,000  feet  from  your  computer 

using  standard  CAT  5/6  cables 

VGA,  PC,  Sun,  Serial,  Audio,  and  Mini  versions 

Available  in  2  models: 

Single  Access  -  Extends  keyboard,  monitor,  and  mouse 
50  to  1,000  feet  away 

•  Dual  Access  -  Allows  you  to  add  a  second  keyboard, 
monitor,  and  mouse  to  the  local  unit 
Fully  buffered  signals  to  ensure  consistent  remote  operation 
of  your  PC 
CrystalView  Plus 

Available  in  single,  dual,  and  quad  video  models 
Video  resolution  up  to  1600  x  1200 


A  KVM  switch  allows  single  or  multiple 
workstations  to  have  local  or  remote  access  to 
multiple  computers  located  in  server  rooms  or 
on  the  desktop  regardless  of  their  platforms 
d  operating  systems.  KVM  switches  have 
'3d  t;onally  provided  cost  savings  in  reducing 
■  nergy  and  equipment  costs  while  freeing  up 
valuable  real  estate. 

Recognized  as  the  pioneer  of  KVM  switch 
•  cnnology,  Rose  Electronics  offers  the 
dustry's  most  comprehensive  range  of 
t  rver  management  products  such  as  KVM 
, vitches,  extenders  and  remote  access 
solutions.  Rose  Electronics  products  are 
known  for  their  quality,  scalability,  ease  of  use 
and  innovative  technology. 

Rose  Electronics  is  privately  held  with  world- 
r-eadquarters  in  Houston,  Texas  and  sells  its 
products  worldwide  through  a  large  network  of 
Resellers  and  Distributors.  Rose  has 
operations  in  the  United  Kingdom,  Spain, 
Germany,  Benelux,  Singapore  and  Australia. 


•  Connect  to  remote  computers  over  Ethernet  or  dial-up 

•  Single,  dual,  quad  models 

•  Up  to  1280x1024  resolution,  supports  all  platforms 

•  Scaling,  scrolling,  and  auto-size  features 

•  Easy  to  install,  give  it  an  IP  address  and  run  the  remote  client,  no 
licensing  required 

•  Quad  screen  mode  allows  you  to  see  four  servers  from  one  screen 

•  Secure  encrypted  operation  with  login  and  computer  access  control 


•  Connects  up  to  1000  computers  to  a  KVM  station 

•  Models  for  4,  8,16  computers 

•  Advanced  visual  interface  (AVI) 

•  Compatible  with  Windows,  Linux,  Solaris,  and  other  O/S 

•  Connects  to  PS/2,  Sun,  USB,  or  serial  devices 

•  Converts  RS232  serial  to  VGA  and  PS/2  keyboard 

•  Free  lifetime  upgrade  of  firmware 

•  Security  features  prevent  unauthorized  access 

•  Full  emulation  of  keyboard  and  mouse  functions  for 
automatic,  simultaneous  booting 

•  Easy  to  expand 


UltraLink™ 

REMOTE  KVM  ACCESS  OVER 
ETHERNET  OR  DIAL-UP 


UltraConsole" 

PROFESSIONAL  SINGLE-USER  KVM  SWITCH 
SUPPORTS  UP  TO  1000  COMPUTERS 


800  333  9343 

WWW.ROSE.COM 


^ELECTRONICS 
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western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  926  1  8-25  1  7 


Celebrating  our  40th 
Year  in  DataCom 


Keeping  the  Net.. .Working! 


Reboot  your  Network  Equipment  via  Telnet,  Dial-Up  and  Local  Console 


St  Eight  (8)  Individual  Outlets 
S3  Dual  15-Amp  Circuits 

■  Integrated  10~BaseT  Interface 

B  RS-232  Modem  and  Console  Ports 
m  Outlet-Specific  Password  Security 
a  Network  Security  Features 

■  Power-up  Sequencing 
s  Co-Location  Features 

B  Modem  Auto-Setup  Command  Strings 


m 


Metwork  equipment  sometimes  "locks-up”  requiring  a 
service  call  just  to  flip  the  power  switch  to  perform  a 
simple  reboot.  The  NPS  Network  Power  Switch  gives 
network  administrators  the  ability  to  perform  this 
function  from  anywhere  on  the  LAN/WAN,  or  if  the 
network  is  down,  to  simply  dial-in  from  a  standard 
external  modem  for  out-of-band  power  control. 


Individually 
Programmable 
Outlet  Plugs  (8) 


1 0Base-T  Ethernet 
Interface 


1 9”  Rack  Brackets 
Allow  Front,  Back,  or 
Center  Mounting 


WWW.Wti.com  (800)  854-7226 


Dual  15  Amp 
Power  Circuits 


By  Mark  Gibbs 
Network  World 
2/18/02 


RS232 
onsole  Port 


•  In  business  since  1989 
Specialists  in  Linux,  BSD,  X86  Solaris 
On-site  warranty,  next-business-day 
cross-ship  options  available. 


ASA  —  Custom  Servers  and  Storage 
www.asacomputers.com  •  866-382-5263 

2354  Calle  Del  Mundo,  Santa  Clara,  CA  95054 

For  details/inquiries/customization  email:  sales@asacomputers.com 

All  Systems  are  pre-loaded  with  any  Linux/BSD  version/distribution  of  your  choice.  On-site  warranty,  cross-ship  options  available. 


MINI  SUPER  for  Clusters 


1U  14"  Depth 

1  of  2  Intel*  Xeon™  processors  2.4  GHZ 
Serial.  VGA,  USB  2.0,  Mouse,  Keyboard 
All  ports  Front  Accessible 
1  x  10/100,  1  x  Gigabit  LAN 
512  MB  DDR  ECC  (Max  8  GB) 

Options:  CD,  Floppy 


$1249 


NO-FRILLS  STORAGE  SERVER 

6TB  SATA  storage  in  5U! 

Dual  Intel*  Xeon™ processors  2.4  GHz 
512  MB  DDR  ECC  Memory  (Max  8  GB) 

3  Raid  5  volumes  of  2TB  each 
Dual  Gigabit  LAN.  CD 

Options:  IDE,  SCSI  Drives,  Firewire,  DVD-RW, 
CDRW.  64-  bit  OS  configuration,  Additional  LAN, 
Floppy,  Fiber  Gigabit 


cio  noo 


Stop  juggling  with 
multiple  management  tools 


Keep  IT  simple 


^  ManageEngine" 

If^OpM; 

Network,  Systems  and  Application  Management 


Take  control  of  your  network,  systems  and  application 
infrastructure  before  it  controls  you.  OpManager  provides 
integrated  management  for  IT  infrastructure. 

Move  to  integrated  management  Try  OpManager  today. 


Available  for  Linux,  Solaris  and  Windows 


www.opmanager.com 


FREE 

30  Oay  Trial 


Reading  someone  else’s  copy  of 

NetworkWorld 


NetworkWorld 


Apply  for  your  own  FF  lEE 
subscription  today 

subscribenw.com/b03 


FREE  subscription 

r 

(51  Issues) 

Apply  online  at: 

subscribenw.com/b03 


subscribenw.com/b03 

Apply  for  your 

FREE 

Network  World 
subscription  today! 


How  does  your  rack  really  stack  up? 


Take  the  APC  Rack  Challenge  and  find  out  how 
the  New  NetShelter®  VX  outperforms  your  brand. 

Whether  you  are  consolidating  servers,  relocating  your  data  center,  or  centralizing 
distributed  networks,  selecting  the  right  brand  of  enclosure  is  crucial  to  successful 
implementation.  Take  the  APC  Rack  Challenge  today  to  make  sure  your  facts  and 
your  racks  really  stack  up. 


THE  APC  RACK  CHALLENGE 


1  Name:  Title: 

1  Company:  Phone: 

1  Address: 

1  How  many  racks  do  you  currently  have  installed? 

:  Features  to  expect  in  today's 

IT  rack  enclosures 

NetShelter®  VX 
(AR2101BLK) 

no  side  panels 

Compaq  Rack 
10000  Series 
(245161-B21) 

no  side  panels 

Your  rack  brand  here: 

r  —  ~  —  —  ~  —  —  —  n 

1  1 

1  1 

1  1 

t.  —  —  —  _.i 

1  Integrated  rear  power  distribution 

channels  that  provide  zero-U, 
toolless  mounting  of  basic, 
metered,  and  switched  rack-mount 

I  power  distribution  units. 

n 

& 

/  \ 

l  r 

\  / 

Integrated  rear  cable  management 
channels  that  allow  efficient  cable 
routing  and  easily  accessible 
cable  containment. 

y 

$ 

r"  \ 
t  « 

\  / 

Available  with  scalable 
cooling  options  to  support 
heat  densities  up  to  7.5kW*. 

y 

& 

t"  "\ 

X  1 

\  / 

Exceeds  major  server  requirements 
|  for  front  door  ventilation. 

y 

y 

/*"*  *\ 

X  1 

\  _  ✓ 

Meets  or  exceeds  warranty 
requirements  for  all  major  servers. 

y 

y 

"*\ 
t  1 

\,/ 

InfraStruXure  compatible. 

Seamlessly  integrates  into  APC's 
modular,  manageable,  pre-engineered 
data  center  architecture. 

y 

& 

/  \ 

t  1 

Vendor  neutral  rack  configurator 
designed  to  support  most  third  party 
servers  and  networking  devices. 

y 

& 

**\ 

X  1 

\  ^  / 

|  5-year  warranty 

y 

x 

/  \ 

i  r 

■ 

1  "Fits  Like  a  Glove"**  money  back 

j  guarantee  that  all  IT  equipment 
will  fit  in  the  rack. 

HP/COMPAQ  •  SUN  •  IBM 

& 

/"*  **\ 
i  « 

DEU  •  CISCO  •  LUCENT ^ 

j  Compare!  Savings 

^  of  almost  40% 

s1039 

*1359' 

!$  i 

i  t 

t  t 

Vaol 

TAKE  THE  RACK 
CHALLENGE  TODAY! 


I  took  the  S/ 
APC  RACK 
CHALLENGE! 


Online: 

http://promo.apc.com  •  Key  Code  q796y 


By  Fax: 

1)  Fill  in  your  business  information, 
indicate  your  rack  brand  of  choice, 
and  check  off  the  applicable  fields. 

2)  Fax  the  completed  Rack  Challenge 
to  the  following  number: 

Fax  401-788-2797 


«ap£?t! 


RECEIVE 
YOUR  FREE  T-SHIRT 


Be  one  of  the  first  100  respon¬ 
dents  and  receive  a  FREE  "I  took 
the  APC  Rack  Challenge"  T-shirt! 


Designed  specifically  for  the  cabling, 
cooling  and  security  demands  of  today's 
IT  environments,  the  NetShelter®  VX  is  a 
complete  infrastructure  compatible  with  a 
full  range  of  integrated  APC  components. 
Vendor-neutral,  all  you  need  to  add  are 
the  servers  of  your  choice. 


NetworkAIR™  RM  Air  Distribution  Unit 


Unique  2U  rack-mounted  fan 
unit  delivers  additional  cool 
air  and  improves  circulation. 


1U  Rack-mount  LCD 
Monitor/Keyboard  Drawer 

Maximizes  space  in 
data  center  environments. 


Environmental  Monitoring  Unit 


Monitors  ambient  temperature,  B 
humidity  and  other  environmental 
conditions  in  racks. 


Rack-mount  PDU 

Provides  up  to  5.7kW  of  power, 
eliminating  the  need  for  multiple 
outlet  strips  per  rack.  Available  for 
both  single-  and  3-phase  input  power. 


*  Based  on  APC  Internal  Research  and  testing.  **  See  link  on 
promotions  page  for  terms  and  conditions,  f  Source  of 
average  pricing:  www.HP.com.  Prices  may  vary  or  change 
from  time  to  time.  Not  applicable  to  other  SKU's  or  models. 


Legendary  Reliability 


©2004  American  Power  Conversion  Corporation.  All  Trademarks  are  the  property  of  their  owners  •  Call:  888-289-APCC  x6716  E-mail:  esupport@apcc.com  •  132  Fairgrounds  Road.  West  Kingston,  Rl  02892  USA  •  NS1  A4EF-USa 
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Do  You 


Server  Technology 

Solutions  for  the  Data  Center  Equipment  Cabinet 


When  servers  and  network  devices 
in  the  data  center  lock-up,  network 
managers  need  fast,  secure  and 
reliable  tools  to  respond.  With 
Sentry™  Remote  Site  Managers, 
an  administrator  can  immediately 
reboot  a  remote  system  with  just 
a  few  mouse  clicks.  Sentry  also 
provides  accurate  input  current 
power  monitoring,  environmental 
monitoring  and  integrated  secure 
console  management  using  SSH. 


Sentry  Gives  you  Secure  Web/I  P  Based  Remote  Site  Management 


"NEW!"  Secure  Shell  (SSHv2)  Encryption  « 
"NEW!"  SSLv3  Secure  Web  Browser « 
"NEW!"  Active  Directory  with  LDAP  « 
SNMP  MIB  &  Traps  « 
Integrated  Secure  Modem  « 
True  RMS  Power  Monitoring  « 
Outlet  Receptacle  Grouping  for  Dual-Power  Servers  « 
Fail-Safe  Transfer  Switch  for  Single-Power  Supply  Servers  « 
Power-up  Sequencing  Prevents  Power  In-rush  Overload  « 
Temperature  &  Humidity  Environmental  Monitoring  « 
Zero  U  &  Rack-mount  Models  « 
110/208  VAC  Models  with  30-Amp  Power  Distribution  « 
NEBS  Approved  -48  VDC  Models  Available  « 


HD16 


Server  Technology,  Inc. 

Server  Technology,  Inc.  toll  free  +1 .800.835.1 51 5 

1 040  Sandhill  Drive  tel  +1 .775.284.2000 

Reno,  NV  89521  fax  +1 .775.284.2065 

USA  .  . 

www.servertech.com 

sales@servertech.com 


©Server  Technology,  Inc.  Sentry  is  a  trademark  of  Server  Technology,  Inc 


Custom  Management  Levels 


Test-drive  the  new  Observer  9  today  and  see  how  it  immediately 
finds  problems  you  didn’t  know  you  had,  optimizes  network  traffic 
and  provides  insight  for  future  planning.  Call  800-526-5958  for 
a  full  featured  evaluation  or  visit  our  website  at 

www.networkinstruments.com/nine 


OBSERVER 

•  Decode  over  500  protocols 

•  Long-term  network  trending  &  analysis 

•  Real-time  statistics 


Remote  &  Hardware  Options 


REMOTE  NETWORKING  PROBES 

•  Fully  distributed 

•  Monitor  up  to  64  NICs  simultaneously 

•  New  levels  of  problem  solving  collaboration 


EXPERT  OBSERVER 

•  What-lf  Modeling  Analysis 

•  Expert  Analysis 

•  Connection  Dynamics 

OBSERVER  SUITE 

•  Complete  SNMP  device  management 

•  Supports  full  RM0N1,  RM0N2,  HCRM0N 

. 

•  Web  Publishing  Reports 


Introducing  Observer  9 


GIGABIT  &  WAN  HARDWARE  OPTIONS 

•  Portable  analyzer  systems 

•  Rack-mount  Probes  ready  to  go 

•  Direct,  passive  link  for  independent  views 


New  Application  Analysis 

Remote  probes  now  provide  multi-interface  and 

multi-session  support 

Industry-first  4GB  packet  capture  butter 

Wireless  Site  Survey  Modes 

Nanosecond  resolution 

Now  over  450  Expert  Events 

SNMP,  RM0N  and  now  HCRM0N  support 


One  Network  Complete  Control  Wired  to  Wireless  •  LAN  to  WAN 


V2/ 


OBSERVES 


I 


OBSERVER 


www.networkinstruments.com/nine 

©  2004  Network  Instruments.  LLC.  All  rights  reserved.  Observer,  Network  Instruments  and  the 
Network  Instruments  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
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EQUINOX 


an  Avocent  Company 


Secure  Console  Port  Management 


Extend  Your  Reach 


Relax  and  fix  the  problem 
from  virtually  anywhere. 

When  critical  servers  or  network  equipment 
malfunction,  the  Equinox  CCM  console 
manager  and  AVWorks®  management 
software  give  you  the  tools  to  securely  and 
quickly  restore  normal  functionality  from 
anywhere.  Extend  your  reach. 


Visit  Equinox  at: 

NETWORLD 

INTEROP 

LAS  VEGAS  •  HAY  9  14.  2004 

May  11  -13,  2004 
Booth  #411 


Telnet 

Client 


For  your  free  white  paper  on 
Best  Practices  for  Secure 
Console  Port  Management  visit 

www.eq  u  i  n  ox.com/ccm4 

For  a  30-day  product  evaluation 
call  1-800-275-3500  ext.  247  or 
954-746-9000  ext.  247 


CCM  Console  Manager  features: 

■  SSH  v2/Telnet  host  ■  In/out  of  band  access 

■  Strong  authentication  ■  Point  and  click  access 

■  Offline  buffering  to  serial  consoles,  KVM 

■  SUN  break  safe  and  power* 

*  To  be  provided  in  future  upgrade  for  the  48-port  model. 


Dial  Access 
Client 


Linux  Server 
Unix  Server 
Windows  Server 
Router 
Switch 


Power 

Control 


One  Equinox  Way,  Sunrise  FL  33351,  email:  sales@equinox.com  or  for  international  customers  email:  intlsales@equinox.com. 

©  2004  Avocent  Corporation.  Equinox  and  AVWorks  are  registered  trademarks  of  Avocent  Corporation  or  its  affiliates.  All  other  marks  are  the  property  of  their  respective  owners. 


Overheated? 

Plug  In 
The  Simple 
Solution. 

MovinCool  spot  air  conditioners  are 

the  answer  to  your  overheating  problems. 

Just  roll  it  in.  Plug  it  in.  Turn  it  on. 

It’s  that  simple. 

►Up  to  60,000  Btu/h  of  cooling 
power  right  where  and  when 
|  you  need  it 

►  Protects  against  data  loss  and 
equipment  failure 

►#1  portable  air  conditioning 
for  over  30  years 

►The  only  portable  air 
conditioner  ETL-verified 
for  performance 

MOVINCOOL 

THE  #1  PORTABLE  SPOT  COOLING  SOLUTION 

800-264-9573  or  visit  www.movincool.com 

©2004  DENSO  Sales  California,  Inc.  MovinCool,  SpotCool  and  Office  Pro  are  registered  trademarks  of  DENSO  Corporation. 
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COMMUNICATIONS 


PRODUCTS 


We  Buy  and  Sell 

New  and  Refurt 

Fully  Guarar 
Overnight  Delivery 


mmt 


_  CISCO 

m  Including  IGX, 
BPX&MGX 


Routei 
Switches 
Interface  modules 
Access  Servers 
Muxes 
DSU/CSU's 


r  Nortel  (Bay)  Networks  ;:g 
Lucent (Ascend) 

Juniper  •  Extreme  ■  Foundry 
Adtran  ■  Larscom  ■  ADC  &  others  ! 


mm 


www.mlcp.com 

sales@mlcp.com 


800-T0-MULTI  800-866-8584 


i/nm 
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BACKUP  AND 
RESTORE  YOUR  WAY: 
OVER  THE  NETWORK. 


Do  fast,  local  backups  &  restores  over  the  LAN. 


Move  your  data  offsite  reliably  over  the  WAN 


The  RocketVault™  appliance  is  a 
whole  new  breed  of  backup  and 
archiving  solution  for  small  and 
midsized  businesses.  Say  goodbye  to 
tape — we're  talking  lightning  fast 
disk-to-disk  technology. 


Analysts  say  50-60%  of  backups  fail 
due  to  the  unreliability  of  tape  and 
associated  human  error.  Tape  vendors 
say  it's  not  the  tape — it's  user  interven¬ 
tion.  We  say,  why  argue?  Remove  both! 
Why  risk  "nine  fives"  reliability  when 
you  can  have  "five  nines"? 


"RocketVault  is  the  first  product  to  bring 
enterprise-class  server  backup  automation 
within  the  price  range  of  small  business. " 

James  Gaskin,  Network  World 


S  Winning  company:  tntraDyn 
2003  [yoctxt:  RocketVautt 


INTRADYN 

Data  Protection  Made  Simple 

2930  Waters  Road  Eagan,  MN  55121  651.203.4600  800.284.4156 
wwvv.intradyn.com  simplebackup@intradyn.com 


SENSAPHONE® 


Sends 

SNMP 

Messages 


Monitors 

64 

IP  addresses 


Embedded 

Web 

Server 


Sends 

E-Mail 


Power 

Outage 

Alarming 


Internal 

UPS 


_  M  mm  Infrffitmdirc 

jsM®e|MS-4000  — ' 

■x'/it.-  '-<±1 — ••  •  — — 

Manila rinf  _ - - - - 

,  :  \  *  f  *  J  *  M»M-1 

'  SEtill®® 

Power 

Control 

Interface 


Ethernet 

Port 


Internal  Voice, 
Modem 
&  Pager  Port 


8  R|-45  Sensor  Inputs 

( Temperature ,  Humidity, 
Water,  Motion,  Power, 
Smoke/fire) 


Microphone 

for  Sound 
Monitoring 


BE  NOTIFIED  BEFORE  CRITICAL  EVENTS  TURN  INTO  DISASTER! 


•  Eight  environment  inputs 

•  Power  sensing 

•  Monitors  64  IP  addresses 

•  Send  alerts  to  64  people 

•  8  methods  of  contact 

•  Calendar  scheduling 

•  Expands  to  256  sensors 

•  Remote  power  control 

•  Optional  camera 


The  Sensaphone  IMS-4000  Infrastructure 
Monitoring  System  monitors  critical  environ¬ 
mental  and  network  elements  in  your  server 
room,  data  center,  or  telecomm  installation  and 
reports  to  you  instantly  when  events  threaten 
your  infrastructure.  The  IMS-4000  keeps  watch 
so  you  don't  have  to.  See  these  features  and 
more  on  the  web  at  www.ims-4000.com 


Phonetics,  Inc. 

Tel:  877-373-2700 

901  Tryens  Road 

www.ims-4000.com 

Aston,  PA  19014 

Save  40-70%  on  Network  Equipmei 


Refurbished  Routers,  Switches, 

Access  Servers  and  Modules. 


mas 


Trust  .Value  II 

Quality  Parts. Great  Prices 


Trust  the  Experts 

/Continental 

COMPUTERS  Since 


Call  today  for 
10%  off  1  item  (Up  to  $500)* 

*New  customers  only. 


www.conticomp.com 
Call  us:  (310)  416-1200 


79,507  SIZES.  JN  STOCK!  A 


8#rvtr  Rack* 


wmwr 


A  New  “Patent  Pending”  Rack  Design 

Assemble  Any  Size  Rack  Using  Only  3  STOCK  Parts 

Choose  any  width,  depth,  &  height  of  dual-tapped  E.I.A.  rack 
rail  from  one  of  43  sizes  in  1-3/4”  rack  unit  increments.  Ships 
knocked-down  in  3  small  cartons.  Build  all  kinds  of  neat  stuff ! 


4RU 13”  Deep- $159,851 
43  RU  30”  Deep  -  $264.85\ 

Shop  Online 

www.starcase.com/rack.htm 

(800)822-STAR  (ttrt) 

( 800)782-CASE(22TV 
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www.avocent.com  866.286.2368 


•  Add  IP  remote  access  to  any  existing  KVM  switch  ✓ 


•  Works  with  any  operating  system,  BIOS  ievel  control  ✓ 


Avocent.  the  Avocent  logo,  SwitchView  and  CLICK  AND  CONNECT  are  trademarks  or  registered  trademarks  of  Avocent  Corporation  or  its  affiliates,  pcAnywhere  is  a 

registered  trademark  ot  Symantec  Corporation.  ©  Copyright  2004 


•  No  software  required  on  the  target  server 


Control  your  server  room  from  your  desktop 

Add  KVM  over  IP  access  and  control  to  any  server  or  KVM  switch. 
Take  total  BIOS  level  control  of  your  servers  anywhere,  anytime. 
Why  settle  for  remote  access  when  you  can  have  complete 
CLICK  AND  CONNECT™  remote  control  over  IP! 


Check  out  the  advantages  of  KVM  over  IP  control 
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KVM  over  IP 
access  and  control 

for  less  than  $1000 

Available  from' -your  favorite  catalog, 

/  .  ’  ,  'V 1  ^  ' '  ; 

online  retailer  or  authorized  reseller 


Access  any  server  via  a  web  browser 


SwitchView™  IP 

✓ 


Connect  and  control  your  PC  throughout  the  boot  process 
Access  and  control  any  server  even  if  the  OS  is  down 


pcAnywhere® 

✓ 


Risk  Free 

30-day  moneyback  guarantee 


Production  Tracking  Over  Ethernet 

Eliminate  your  shop-floor 
PCs  with ... 

Ethernet  Terminals  from 
ComputerWise  connected  to 
your  in-house  LAN. 

Capture  production  data 
directly  into  files  on  your 
server. 


•  Interactive  Telnet  Client 

•  TCP/IP  over  10/IOOBaseT  Ethernet 

•  Built-in  Barcode  Badge  Reader 

•  Optional  Mag-Stripe  &  RFID  Badge  Reader 

•  Auxiliary  RS-232  Serial  port 

•  Customizable  Data  Collection  _ 

Program  Included 

•  Larger  keyboard  and 
display  sizes  available 

COMIVIKIANISE. 

Call  1-800-255-3739  or  visit  www.Gomputerwise.Gom 
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Features  &  Benefits 


In  today’s  demanding  data  center  environment,  no 
one  knows  how  to  protect  and  organize  your 
valuable  IT  equipment  better  than  Rittal.  Our 
TS-server  cabinets  securely  accommodate  the  dense 
mounting  of  virtually  any  kind  of  server,  networks  or 
mass  storage  devices.  Maybe  that’s  why  so  many 
leading  companies  around  the  world  count  on 
Rittal  for  their  network  infrastructure  needs. 


CHECK  OUT  THE  Grand  Prize: 

TEAM  RITTAL  WEBSITE  *  Complete  Home  Entertainment  System 

AND  REGISTER  TO  WIN !  Weekly  Drawin3s: 

•  Louisville  Slugger  Bats 

Use  priority  code:  NWW  .  Team  Rittal  Baseball  Hats 


www.rittal-corp.com/teamrittal 


IKRcTI 


j 


r 


NetworkWorid 

THE  HUB  OF  THE  NETWORK  BUY 


dtSearch 


Instantly  Search  Gigabytes  of  Text  Across 
a  PC,  Network,  Intranet  or  Internet  Site 


Publish  Large  Document  Collections 

to  the  Web  or  to  CD/DVD 


♦  over  two  dozen  indexed,  unindexed,  fielded  &  full-text  search  options 

♦  highlights  hits  in  HTML,  XML,  &  PDF  while  displaying  embedded 
imks,  formatting  &  nTMEH 

♦  converts  Gther  file  types  (word  processor,  database,  spreadsheet, 
email,  ZiP,  Unicode,  etc.)  to  HTML  for  display  with  highlighted  hits 

“The  most  powerful  document  search  tool  on  the  market” 

-Wired  Magazine 


|||dtSearch 


“intuitive  and  austere  ...  a  superb  search  tool”  -PC  World  j 

“Blindingly  fast”  -Computer  Forensics:  Incident  Response  Essentials 

“A  powerful  arsenal  of  search  tools”  -The  New  York  Times 

dtSearch  “covers  all  data  sources  ...  powerful  Web-based 
engines”  -eWEEK 

“Searches  at  blazing  speeds”  -Computer  Reseller  News  Test  Center 

In  the  past  two  years,  over  half  of  the  Fortune  15  purchased 
dtSearch  developer  or  net  work  licenses. 


1-800-IT-FINDS 

sales@dtsearch.com 


See  www.dtsearch.com  for: 

♦  hundreds  of  developer  case  studies  &  reviews 

♦  fully-functional  evaluations 


♦  from  $2,500 


The  Smart  Choice  for  Text  Retrieval®  since  1991 


OU  WANT  COMPLETE  VISIBILITY. 


MAKE  IT  HAPPEN. 


Remote  Monitoring  Solutions 

RMON  and  HCRMON  Probes 

You  want  remote  monitoring  solutions  for  visibility  into  every  part  of  your  network.  With 
RMON  and  HCRMON  Probes  from  Network  Instruments,  it’s  easy.  Convert  any  PC  into  a 
complete  remote  network  monitoring  data  collection  device.  Use  the  RMON  appliance 
(available  in  1U  and  4U  systems)  for  a  full  turn-key  solution.  Call  800-526-7919  for  more 
information  or  visit  our  website  at  www.networkinstruments.com/RMON. 


Full  compliance  with  RM0N1,  RM0N2  and  HCRMON 
High  capacity  RMON  Probes  provide  full-duplex  Gigabit 
capture  compatible  with  any  RMON  management  console  or 
collection  facility  (Observer  ,  OpenView,  Concord 


NetScouf1,  Micromuse'1') 


Complete,  industry  standard,  software-based  probes  for 


Windows  2000/XP 


Software  based,  non-dedicated  data  collection 


Compatible  with  Network  Instruments’  optimized  ErrorTrak™ 


NOIS  drivers,  which  display  true  errors-by-station. 


One  Network  Complete  Control 


Wired  to  Wireless  •  LAN  to  WAN 


NETWORK* 

INSTRUMENTS 

US  &  Canada:  (952)  932-9899 

Toll  free:  (800)  526-7919 

UK  &  Europe:  +44  (0)  1959  569880 


OBSERVER 


•l  OBSERVER* 


S’  2003  Network  instruments,  UC  All  nghts  reserved.  Network  Instruments,  Observer,  ErrorTrak  and  tbe  Network  Instruments  logo  are  trademarks 
or  registered  trademarks  ot  Network  Instruments.  LLC.  All  other  trademarks,  registered  or  unregistered,  are  sole  property  of  their  respective  owners. 


Attention  Resellers! 


SECUREMATICS 

The  Right  decision  for  Security  Products 

Best  Source  for  SOHICWALL 
Security  Products! 


LIMITED  TIME  OFFER! 

•  Earn  1  FREE  SonlcU  e*Tralning 
Class  for  every  $15K  In  SonlcWALL 
purchases  from  Securematics." 

•  New  SonlcWALL  Resellers  will  receive  1  FREE 

SonlcU  Electronic  Training  Course  with  purchase 
of  any  Demo  Unit  . . 


Call 


Securematics  is  a  SonicWALL  Authorized  Distributor  &  Training  Partner 
To  sign  up  for  the  Medallion  Partner  Program,  please  contact  us. 

888-746-6700  sales@securematics.com  wwwvsecurematics.com 


FIBER  OPTIC  SOLUTIONS 


•  Tl/El  &  T3/E3  Modems 

•  RS-232/422/485  Modems  and 
Multiplexers 

•  IBM  3270  Coax,  AS400  Twinax,  and 
RS6000  Modems  and  Multiplexers 

•  LAN  -  Arcnet/Ethernef/Token  Ring 

•  Video/Audio/Hubs/Repeaters 

•  I S  0  -  9  0  0 1 

s.i.TECH 

Toll  Free  866  SITech  1 
630-761-3640,  Fax  630-761-3644 
www.silech-bitdriver.com  or  www.silechfiber.com 
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If  it’s  on  the  N*  WORLDWIDE  PROVIDER 
network,'  *  -  1  OF  NETWORK 

vje’ve  got  jti  HARDWARE 

I  .  SINCE  1981! 

•  NetWork  Hardware 


•  babies 


•  Memory 


THE  NETWORK  SPECIALISTS 

WRCAaNET 


A 


•  Accessories 

sales@wrca.net  -  (800)699-9722x102 
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Advertising  Supplement 

IT  Careers  in  Boston 


Without  doubt  the  Boston  metro  area  has  been 
among  those  most  hard  hit  by  the  downturn  in 
the  technology  economy.  The  telecommunications 
sector,  in  particular,  continues  to  see  problems,  and 
Terra  Lycos  has  announced  additional  layoffs  and  a 
lowered  price  on  the  sale  of  its  Lycos.com  operation. 
Similarly,  the  financial  services  sector  has  stumbled, 
with  the  buyout  of  John  Hancock  by  Canada's 
Manulife  Financial  Corp. 

However,  Boston  continues  to  market  itself  to  the 
high  tech  world  based  on  its  access  to  a  strong 
workforce,  universities  and  existing  business  base. 
Further  evidence  can  be  found  in  close  to  $100 
million  in  venture  capital  and  federal  grants  for  early 
stage  companies  and  an  uptick  in  job  listings  at 
companies  ranging  from  Staples  Inc.  to  Partners 
Healthcare.  Boston.com  —  a  business  newsletter  for 
the  region  —  continues  to  follow  the  financial 
fortunes  of  an  emerging  new  technology  community, 
the  Boston  Life  Sciences  20.  The  Life  Sciences  20 
includes  companies  such  as  Boston  Scientific,  Charles 
River  Laboratories,  Biogen  Idee,  Millennium 
Pharmaceuticals,  PerkinElmer  and  Transkaryotic 
Therapies. 

Partners  Healthcare  —  parent  company  for  The 


Children's  Hospital,  Beth  Israel  Deaconess  Medical 
Center,  Brigham  &  Women's  Hospital  and 
Massachusetts  General  —  has  50  information 
technology  jobs  currently  listed. 

In  addition  to  some  of  the  longer-term 
pharmaceutical  and  life  sciences  companies,  the  area 
boasts  of  a  dozen  new  start-up  companies.  These 
include  Biomeasure  Inc.,  Nexcelom  Bioscience  and 
Agencourt,  which  recently  received  a  $30  million 
grant  from  National  Human  Genome  Research. 
Biomeasure,  which  is  now  a  division  of  French 
pharmaceutical  company  Ipsen,  is  building  a  new 
38,000-square-foot  factory.  The  Boston  Tech  Center,  a 
345,000-square-foot  facility,  is  under  construction 
and  also  will  provide  needed  office  and  lab  space  for 
Boston's  growing  biotech  and  life  sciences  industry. 

Raytheon,  one  of  the  long-term  corporate 
headquarters  in  the  area,  is  also  on  a  hiring  cycle. 
Currently,  the  corporation  lists  10  jobs  in  the 
information  systems  area  supporting  its 
businesses.  More  importantly,  the  corporation  has 
posted  75  job  openings  during  quarter  one  for 
software  engineers,  architecture  developers  and 
systems  engineers  to  work  on  security  and  defense 
contracts. 


Staples  Inc.  also  continues  its  push  in  using 
technology  to  reach  customers  and  improve 
operations.  The  high  tech  research  community  in 
the  Boston  area  is  also  showing  some 
improvement.  Forrester  Research  has  shown  stable 
performance  over  the  last  six  months.  IDC,  a 
division  of  IDG  —  parent  company  to 
Computerworld,  InfoWorld  and  NetworkWorld  —  is 
hiring  research  analysts,  particularly  in  the  areas  of 
healthcare  and  life  sciences. 


For  more  information  about  IT  Careers 

advertising,  please  contact:  Nancy  Percival 

Vice  President,  Recruitment  Advertising 

800.762.2977 

500  Old  Connecticut  Path 

Framingham,  MA  01701 

Produced  by  Carole  R.  Hedden 
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Engineering  Development  Man¬ 
ager-Offshore  :  For  tech  transfer 
life  cycle  mgmt  co.,  manage  off¬ 
shore  res  &  devel  projects,  incl. 
offshore  embedded  sys  &  appl 
specific  integrated  circuit  (ASIC) 
solutions  div.  in  India  &  offshore 
team  of  developers  &  research¬ 
ers;  project  plan,  exec,  implmnt 
&  test  at  client  sites.  Req's: 
Bach's  in  Comp  Engg,  Comp  Sci 
or  a  rel.  field.  3  yrs  exp  in  job 
offered  or  3  yrs  exp  as  a  Comp 
Sys  Analyst  in  offshore  devel 
envt.  Exp  must  incl.  embedded, 
enterprise,  networking  &  comm 
&  image  processing  solutions. 
Prof  in  32  bit  RISC/CISC,  Hita¬ 
chi  SH/HS,  ARM  7TDMI/9TDMI, 
DSP-TI  &  AD  (TMS320),  Win¬ 
dows  CE,  ITRON.  pSOS,  Vx- 
Works,  C  OS  II,  C  Linux, 
Trimedia  SDE,  Lauterbach 
TRACE  32  for  Hitachi  SH.  ARM 
developer  Ste,  Red  Hat  Embed¬ 
ded  Tool  Ste  &  Platform  Builder. 
Overseas  travel  required.  40hrs/ 
wk.  Send  res.  to  E-5.  P.O.  Box 
1924,  Phila.,  PA  19105. 


PROGRAMMER/ANALYST  to 
analyze,  design,  develop  and 
maintain  client/server  and  web- 
based  application  software 
using  Java,  J2EE,  Java  Script, 
Java  Bean,  Applets,  JSP, 
Servlets,  EJB,  WebLogic,  XML, 
HTML,  SQL  Server  and  Oracle 
under  Windows  NT  and  UNIX 
operating  systems.  Require; 
Bachelor's  degree  in  Computer 
Science,  an  Engineering  disci¬ 
pline,  or  a  closely  related  field 
with  2  yrs  of  exp  in  the  job 
offered  or  as  a  Systems  Analyst. 
Extensive  travel  on  assignment 
to  various  client  sites  within  the 
US  is  required.  Competitive  sal¬ 
ary  offered.  Send  resume  to: 
John  Watson.  Venturi  Technolo¬ 
gy  Partners,  9428  Baymeadows 
Rd,  Ste  500,  Jacksonville,  FL 
32256;  Attn:  Job  AA. 


Sr.  Cons,  for  b/z  reqs.  analysis, 
process  optimizn,  plan,  dzn, 
s'ware  dev.,  test  &  systems  inte- 
grn.  PM  for  system  &  applns. 
S'ware  dev.,  opernl.  CRM 
(Sales,  Svc,  Mktng),  Collabora¬ 
tive  CRM  (CTI,  Customer  Con¬ 
tact  Center)  &  Analytical  CRM 
(Reporting,  ROI)  projs.  Evaluate 
CRM  (Clarify  12.0,  Siebel,  HP 
Service  Desk  4.5,  &  Kintana 
5.0).  Conduct  infrastructure 
scalability  assessments  &  imple¬ 
ment  CRM  &  ERP  based  ERP 
system  for  Cust  relationship 
mgmt,  GL,  HRMS,  A/c  Payable 
&  T  &  L  Modules.  Implement 
Clarify  eFrontOffice  V12,  Clear- 
Sales,  ClearSupport,  CBO  / 
eBusiness  Framework,  Clear- 
Contracts,  Clear  CallCenter  & 
Clarity/Nortel  CTI  solutions.  Pro¬ 
posals,  presentations,  client 
mgmt,  project  tech  lead  &  exe¬ 
cution.  Lead  sols  design  & 
development,  lead  teams,  proj 
delivery,  client  relation  &  tech 
team  deliveries.  BS  in  CS  +  5  yr 
exp.  in  job  duties  OR  5  yr  exp  in 
IT  PM,  Internet  tech.  &  ERP. 
Must  be  Clarify  CRM  Prof,  and 
Six  Sigma  green  belt  certified. 
Comp,  salary.  Apply:  Unilinx, 
4625  Alexander  Dr.,  #  110, 
Alpharetta,  GA  30022  with  proof 
of  perm.  Work  authzn. 


PROGRAMMER  ANALYSTS 
for  Worth,  IL  office.  Design  & 
Develop  software  applications 
using  Oracle,  XML,  UML,  C++, 
Sybase,  Interwoven,  Coolgen, 
ClearCase,  ClearQuest,  PVCS, 
UNIX.  Bachelors  or  Equivalent 
req'd  in  Computers,  Engineer¬ 
ing,  Math  or  related  field  of 
study  +1  yr  of  related  exp.  40 
hrs/wk.  Must  have  legal  author¬ 
ity  to  work  permanently  in  the 
U  S.  Send  resume  to  HR 
Manager,  Compro  Consulting 
Group,  Inc.,  7179  West.lllth 
St,  Worth,  IL  60482. 


Computer  Professionals 
(Multiple  Openings) 

Software  Engineer/Systems 
Analyst/Database  Administra¬ 
tor/Network  Administrator  Mil¬ 
waukee,  Wl.  Must  have  bache¬ 
lors  degree  or  equivalent  and 
experience  in  some  of  the  fol¬ 
lowing  skills  C/C++,  Java, 
Web  Methods,  Cold  Fusion,  Mic¬ 
rosoft  Technologies  (Visual  Bas¬ 
ic,  .NET,  ASP)  CRM  (Siebel, 
Clarify,  Vantive),  Middle  Ware 
Technologies  (Orbix,  Corba,  Tib- 
co,  Vitria)  Data  Ware  Housing 
Tools  (Informatics.  Data  Stage, 
Abinitio,  Business  Objects,  Cog- 
nos,  Micro  Strategy,  Brio)  ERP 
(SAP,  People  Soft,  Oracle  Apps, 
Baan),  Mainframe  (Cobol,  CICS, 
JCL,  VSAM)  AS400,  Ecom- 
merce,  Databases  (SQL  Server/ 
Oracle/DB2/Sybase),  Microsoft 
Windows(95/98/NT/2000,Excha 
nge),  UNIX  (Sun  Solaris,  HP. 
AIX),  Linux  and  QA  (Win  Run¬ 
ner,  Load  Runner,  Silk,  Quick- 
pro,  Manual  Testing). Position 
requirement:  Must  be  willing 
to  travel  and  /or  relocate  per 
project  specification  Mail  your 
resumes  to:  iobs@iksolution 
sinc.com  or  Human  Resource 
Director,  IK  Solutions  Inc,  1840 
N.  Farwell  Ave,  Suite  #  306, 
Milwaukee,  Wl  53202. 


System  Administrator  required 
for  Burtonsville,  MD  office. 
Design  &  maintain  LAN,  WAN. 
Network  Segment,  Internet/ 
Intranet  Systems;  Install  & 
maintain  Exchange  Servers. 
Multiplexes,  Line  Drivers, 
modems,  scanners,  D-link 
hubs,  cabling  and  other  hard¬ 
ware.  Bachelors  req'd  in 
Computers,  Engineering  +  2  yrs 
of  exp.  40  hrs/wk.  Must  have 
legal  authority  to  work  perma¬ 
nently  in  the  U.S.  Send  resume 
to  HR  Manager,  Childway/KIO 
Services  Inc.,  4058  Blackburn 
Lane,  Burtonsville,  MD  20866. 


Technical  Support  Analyst 

Experience:  Minimum  3  years 
recent  experience  in  a  similar 
position 

PCS  has  an  opening  for  a 
Technical  Support  Analyst  based 
in  Chicago,  Illinois.  The  selected 
candidate  must  have  a  minimum 
of  a  bachelors  degree  in  Elec¬ 
tronics  or  Management  Informa¬ 
tion  Systems  or  Computer  Sci¬ 
ence  or  Computer  related  field 
or  equivalent.  A  minimum  of  3 
years  of  recent  experience  in  a 
similar  position  is  required. 

Job  Description:  The  job  re¬ 
quires  the  employee  to  possess 
a  minimum  of  3  years  recent 
work  experience  in  a  similar  po¬ 
sition.  Prior  experience  with  de¬ 
signing  and  implementing  solu¬ 
tions  for  extending  systems 
management  capabilities  of  CA- 
Unicenter  TNG  for  different 
types  of  non-IT  devices  is  man¬ 
datory.  Must  possess  work  ex¬ 
perience  using  Wireless  Devices 
(Vast,  Opto22,  Ion  Networks. 
Badger  and  Nokia)  and  integra¬ 
tion  of  these  devices  with  CA- 
Unicenter  TNG.  Prior  experience 
implementing  CA-Unicenter 
TNG  and  related  suites  of  Enter¬ 
prise  Systems  Management 
products  and  software  required. 

Additional  work  responsibilities 
involve  performing  systems  sup¬ 
port,  computer  operating  sys¬ 
tems  configuration,  perform  sys¬ 
tems  support  and  configure 
TCP/IP  and  computer  networks, 
Require  prior  work  experience 
working  on  Windows,  win- 
dows2000  server,  Windows 
2000  advanced  server,  Linux, 
Novell  platform  routers,  gate¬ 
ways.  LANS/WANS  and  fire¬ 
walls.  Responsible  for  in-house 
systems  administration,  network 
management,  e-mail  manage¬ 
ment,  LAN,  VPN,  remote  access 
management  and  providing  for 
in-house  users  and  external 
clients. 

The  job  responsibility  requires 
travel  as  required.  Please  send 
your  resume  and  cover  letter  to: 
Human  Resources.  Profession¬ 
al  Consulting  Services,  Inc., 
1415  North  Dayton,  #3S, 
Chicago,  IL  60622. 
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Coasuliant  Systems  Analyst  will 
develop  loading  edge  testing 
methodology  lo  stress  test  next 
generation  high  volume  (1+  mil¬ 
lion  jsers)  financial  applications 
ibuitt  on  WebLogic  middleware 
using  custom  developed 
LoadRunner  virtual  users.  Will 
deliver  application  performance 
and  system  resource  profiles  of 
all  application  components. 
Will  analyze  applications  and 
characterize  performance  of 
systems  to  identify  bottlenecks. 
Will  conceptualize  and  execute 
test  plan  for  stress,  stability,  unit 
and  load/performance  testing 
with  a  user  population  of  1 3  mil¬ 
lion  customers  for  both  web- 
based  and  client/server  applica¬ 
tions.  Will  assist  clients  in  vali¬ 
dating  multiple  architecture  rec¬ 
ommendations  and  in  the  selec¬ 
tion  of  a  cost-effective  solution 
that  meets  performance  and 
capacity  requirements  for 
branch  network  and  future 
capacity  projections.  Requires 
Bachelor  of  Science  or  equiva¬ 
lent  in  Computer  Science, 
Engineering.  Math,  or  Physics 
and  one  (  I)  year  in  job  offered 
OR  one  (1)  year  experience  in 
systems  integration  and  perfor¬ 
mance  testing.  Candidate  must 
possess  demonstrated  exper¬ 
tise  in  high  volume  capacity 
planning,  forecasting  and  perfor¬ 
mance  testing  using  Load- 
Runner;  demonstrated  expertise 
in  performance  and  cost  analy¬ 
sis  of  web  architecture  and  net¬ 
work  configuration;  and  demon¬ 
strated  expertise  in  capacity 
planning  and  future  forecasting 
using  Interscope.  Candidate 
must  also  be  Certified  Product 
Specialist  in  the  Mercury 
Interactive  LoadRunner  tool. 
Salary:  $87,975/yr,  M-F,  9AM- 
5PM.  Send  2  resumes  to  Case 
#200203581,  Labor  Exchange 
Office,  19  Staniford  St.,  1st  fl„ 
Boston,  MA  02114.  EOE. 
Applicants  must  be  U.S.  workers 
eligible  to  accept  full-time 
employment  in  U.S. 


Software  Engineer  -  Applica¬ 
tions.  Sought  by  Englewood 
Colorado  consulting  company  to 
work  in  various  unanticipated 
locations  throughout  the  U.S. 
Duties:  Develop,  create  and 
modify  general  computer  appli¬ 
cations  software  or  specialized 
utility  programs.  Analyze  user 
needs  and  develop  software 
solutions.  Design  software  or 
customize  software  for  client  use 
with  the  aim  of  optimizing  opera¬ 
tional  efficiency.  Analyze  and 
design  databases  with  an  appli¬ 
cation  area.  Use  of  Visual  Basic, 
XML,  UML,  SQL  Server  2000, 
DB2,  SQL,  C++,  COBOL.  Reqs. 
Masters  or  equivalent  in  Com¬ 
puter  Science,  Computer  Engin¬ 
eering,  Engineering  (any  field) 
or  related  field.  Plus  1  year  in  the 
job  offered  or  1  year  in  a  related 
occupation,  including  Systems 
Analyst.  Programmer  Analyst  or 
Applications  Developer.  $73,231 
/year,  40/hrs/wk,  8AM-4PM.  Re¬ 
spond  by  resume  to  WORK¬ 
FORCE  DEVELOPMENT  PRO¬ 
GRAMS,  PO  Box  46547,  Den¬ 
ver,  CO  80202,  and  refer  to  Job 
Order  No.  CO5075643. 


PROGRAMMER  ANALYSTS 
req'd  for  Raleigh,  NC  office. 
Design  &  Develop  software 
applications  using  C,  C++.  VB, 
Delphi,  ASP,  XML,  UML, 
Coolgen,  Interwoven,  Oracle, 
PL/SQL,  Developer  2000  & 
Designer  2000;  Bachelors  or 
Equivalent  req'd  in  Computers, 
Engineering,  math  or  related 
field  of  study  +  1  yr  of  related 
exp.  40  hrs/wk.  Must  have  legal 
authority  to  work  permanently  in 
the  U.S.  Send  resume  to  HR 
Manager,  Allied  Business 
Consulting.  Inc.,  8700  W.Bryn 
Mawr,  Suite  800  South, 
Chicago.  !L  60631 . 


Software  Engineer  wanted  to 
analyze  software  reqts.  &  prod¬ 
uce  functional  specification  doc¬ 
uments  &  implement  software; 
create  test  specs,  for  new  sub¬ 
systems;  analyze  &  reengineer 
software  legacy  system;  provide 
mgmnt.  w/effort  estimations  & 
implementation  trade  offs;  apply 
software  design  patterns  in  C++ 
environment;  design  software 
using  UML,  Visual  C++,  C++, 
COM/DCOM.  ATL  &  STL;  modi¬ 
fy  real  time  multi-threaded  fram¬ 
ework  adapter  to  support  COM/ 
DCOM;  design  the  interfaces 
between  different  subsystems  to 
reduce  dependency  &  boost  de¬ 
velopment  process;  develop 
COM/DCOM  code  generator  to 
generate  ActiveX  automation 
components  using  Rhapsody  & 
ATL  tech.;  optimize  software  for 
performance  &  memory,  GDI 
handles  &  other  system  resourc¬ 
es  using  Visual  Quantify,  Purify 
&  PC-Lint;  develop  configuration 
mgmnt.  adapters  for  ClearCase, 
MKS,  VSS,  PVCS  Version  man¬ 
ager.  on  Windows  &  UNIX  oper. 
systems;  assist  customers  & 
customer  support  team.  Must 
have  Bach.  deg.  in  Comp.  Sci. 
or  related  field  &  4  yrs.  software 
development  exper.,  incl.  exper. 
with  software  modeling  tech¬ 
niques  &  UML,  exper.  with  C++, 
MFC  &  COM  tech.  incl.  internals 
of  COM/DCOM  &  ActiveX  tech., 
&  exper.  w/configuration  mgmnt. 
tools  incl.  Rational/ClearCase  & 
MKS/Source  Integrity  as  well  as 
expertise  in  multi-threaded  pro¬ 
gramming  concepts  &  develop¬ 
ment.  Salary  $93,209/yr.  Send 
2  resumes  to  Case#200204206, 
Div.  of  Career  Services,  Labor 
Certification  Unit,  19  Staniford 
St.,  1st  fl„  Boston,  MA  02114. 


IT  PROFESSIONALS 
Consultant 

(Glen  Mills,  Pennsylvania  and 
other  locations  through  the 
U.S.).  Under  the  supervision  of 
Senior  Consultants,  Managers, 
and  Senior  Managers,  assist  in 
providing  consulting  services  for 
implementation,  testing,  devel¬ 
opment,  maintenance  and  en¬ 
hancement  of  software  pack¬ 
ages  and  applications.  Design 
software  packages.  Utilize 
Rational  Rose  to  design  system 
architecture  in  Unified  Modeling 
language  (UML).  Utilize  Rational 
ClearCase,  Rational  Clear- 
Quest,  Adobe  Photoshop, 
Adobe  Illustrator,  Micromedia 
Dreamweaver,  Micromedia 
Flash,  Microsoft  Frontpage,  Vis¬ 
ual  Interdev,  and  Homesite  to 
develop  programming  logic  and 
web  interfaces.  Conduct  quality 
assurance  testing  of  software 
applications.  Create  and  main¬ 
tain  systems  documentation. 

Salary  $60,000  per  year.  Mon- 
Fri,  9:00  am  to  5:00  pm.  The 
position  requires:  Bachelor's 
degree  or  equivalent  in  Comput¬ 
er  Science,  Engineering  (any), 
Information  Systems  or  Busin¬ 
ess  Administration  +  2  years  of 
experience  in  the  job  offered  or 
2  years  of  experience  as  a 
Systems  Analyst,  Consultant  or 
Developer.  Related  experience 
must  include  at  least  six  months 
of  experience  in  Adobe  Photo¬ 
shop,  Micromedia  Flash,  Micro¬ 
soft  Frontpage,  and  Visual 
Interdev. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB- 
415747  to  the:  PA  Careerlink, 
FLC  Unit.  235  W.  Chelten  Aven¬ 
ue,  Philadelphia,  PA  19144. 
EOE. 


PROGRAMMER  ANALYSTS  for 
Charlotte,  NC  office.  Develop 
software  applications  using  VB, 
Crystal  Reports,  Delphi,  ASP, 
XML,  Coolgen,  Interwoven;  De¬ 
velop  client/server  applications 
in  Oracle,  PL/SQL,  Developer 
2000  &  Designer  2000.  Bach¬ 
elors  or  Equivalent  req'd  in 
Computers,  Engineering,  Math 
or  related  field  of  study  +1  yr  of 
related  exp.40  hrs/wk.  Must 
have  legal  authority  to  work  per¬ 
manently  in  the  U.S.  Send 
resume  to  HR  Manager, 
Masterminds  Global  Solutions, 
LLC,  6000  Fairview  Road, 
#1200,  Charlotte,  NC  28210. 


Systems  Analyst 

Analyze,  design,  and  deploy 
customized  IT  solutions  based 
on  a  client's  needs  and  business 
environment.  Must  have  Bach¬ 
elors  Degree  or  foreign  equiv.  in 
Computer  Science  or  in  a  relat¬ 
ed  field  &  1  yr.  exp.  or  1  yr.  exp. 
in  a  related  position  w/ability  to 
use:  OS  Windows,  C #,  MDX, 
OLAP,  and  XML  and  must  be 
willing  to  travel  and  relocate. 
40.0  hrs./wk  9:00  AM  -  6:00  PM. 
Applicants  send  cover  letter 
and  resume  to 

SRA  Systems,  1945  Cliff  Valley 
Way,  Suite  270,  Atlanta,  GA 
30329,  Attn:  S.  Srinivasan 


Radiant  Soft  Sol,  Inc.,  a  S/ware 
Consulting  Co,  seeks  to  fill  fol¬ 
lowing  Multiple  Openings  in 
Arlington  Hts,  IL  &  unanticipated 
Iocs  in  US: 

Sr.  Software  Consultants  (BS+3 
yrs  exp),  Business/  Systems/ 
Programmer/QA  Analysts  (BS  + 
2yrs  exp.),  Database  Analysts 
(BS+3yrs  exp.),  Network  Anal¬ 
ysts  (BS+  3yrs.  exp.)  &  IT 
Managers  (BS  +  3yrs  superviso¬ 
ry  exp). 

Respond  by  resume  to  HR,  855 
E.  Golf  Rd,  #1125,  Arlington  Hts, 
IL  60005. 


Engineer  (New  York,  NY):  De¬ 
velop/implement  introspective  & 
self-adaptive  hardware  &  soft¬ 
ware  sys.  Design,  implement  & 
evaluate  new  program  repre¬ 
sentations.  Consult  w/  engi¬ 
neers  &  clients  to  enhance  reli¬ 
ability,  scalability  &  perfor¬ 
mance.  Design  systems  &  tech¬ 
niques  to  map  applications  on 
architectures.  Must  have  M.S. 
in  Comp.  Sci.  or  Elec.  Eng.,  plus 
1  yr.  specific  experience.  Send 
resume  to  Melanie  Peters, 
Business  Manager,  Reservoir 
Labs,  Inc.,  632  Broadway,  Suite 
803,  New  York,  NY  10012. 


Programmer  Analyst  in  NYC 
to  analyze,  dsgn,  create 
prgms  &  dvlp  s/ware  prgms  & 
systms  using  Java,  C++,  JSP, 
Oracle,  ASP,  VB  &  VBScript. 
Req.  Bach,  in  Engg,  Comp. 
Sci/equiv.  +  2  yrs  exp  in  field. 
Will  accept  any  combination 
of  ed.,  training,  exp,  which  will 
meet  min.  req.  Resp.  to 
Ganesh  International,  Rajesh 
Kalra,  12  W.  27th  St.  2nd  FI., 
NY  NY  10001.  Fax:  212-779- 
1616  E-Mail: 

careersusa@crawtsys.com 


Quality  Eng.  wanted  by 
company  engaged  in 
graphics  and  multimedia 
technology  design,  manu¬ 
facturing  and  marketing. 
Requires  Bach,  in  CS  or 
EE  plus  3  yrs  exp.  includ¬ 
ing  min.  2  yrs.  audio/video 
software.  Reply  to  ATI 
Research,  Inc.  H.R. 
Dept.,  Attn:  K.B.,  62 
Forest  Street,  Marl¬ 
borough,  MA  01752. 


Sr.  Network  Engineer/Adminis¬ 
trator  wanted  by  macro-political 
consultancy  co.  in  NYC,  NY. 
Must  have  a  min.  of  a  Bachelor's 
degree  or  foreign  equiv.  in 
Computer  Sci.,  Engineering, 
Business  or  related  and  1  yr. 
exp.  in  job  offered  or  as  a 
Network  Administrator.  In  lieu  of 
a  Bachelor's  degree,  the  em¬ 
ployer  will  accept  an  equivalent 
combination  of  formal  university 
education  and  work  experience 
in  network  administration.  Send 
resume  to  Catherine  Vitale  @ 
Medley  Global  Advisors,  LLC, 
451  Greenwich  St,  6th  FI..  NYC. 
NY  10013. 


Prog.  Analysts  to  analyze, 
design/develop  s/w  appls  using 
Java,  JavaScript,  VBScript, 
ASP.  HTML,  Weblogic,  Oracle, 
SQL,  COBOL,  DB2,  CICS  un¬ 
der  Windows,  UNIX  &  MVS  OS; 
perform  unit,  functional,  integra¬ 
tion,  regression  and  systems 
level  testing;  analyze  user  reqs, 
prepare  design  documents;  de¬ 
velop  &  enhance  online  &  batch 
programs;  implement,  install, 
test,  debug  and  modify  new/ 
existing  appls.  Require:  BS  or 
foreign  equiv.  in  CS/Engg.  (any 
branch)  &  2  yrs  exp.  in  IT. 
Travel  involved.  High  Salary. 
F/T.  Resumes  to:  HR,  Global  IT 
Solutions  USI,  Inc.,  600 
Stevens  Port  Drive,  Ste  125, 
Dakota  Dunes,  SD  57049. 


Sales  Eng'g.  -  Present  & 
sell  comm.  &  recording 
equip,  to  clients.  Req'd: 
10  yrs.  exp.  in  job  or 
software,  sys.,  or  test 
eng'g  job  &  exp.  w/  LAN/ 
WAN,  Windows  NT,  CTI, 
CRM  and  PSAP.  Res¬ 
umes:  NICE  Systems, 
Inc.,  301  Route  17 
North,  10th  Floor,  Ruth¬ 
erford,  NJ  07070.  Attn: 
G.  Farese. 


Programmer  Analysts  to  ana¬ 
lyze,  design,  develop  appls  us¬ 
ing:  C,  VB,  JavaScript,  HTML/ 
DHTML,  EJB,  JSP,  ASP,  Servlet, 
UML,  Oracle,  SQL  under  Win¬ 
dows  OS;  perform  initial  study  of 
req  and  provide  feedback;  pro¬ 
vide  on  site  maintenance  sup¬ 
port,  debug,  modify,  fine  tune 
and  perform  code  optimization. 
Require:  BS  or  foreign  equiv.  in 
CS/Engg. (any  branch)  &  2  yrs  of 
exp.  in  IT.  High  Salary.  Travel 
Involved.  F/T.  Positions  avail¬ 
able  in  Elgin,  IL  and  Lower 
Gwynedd,  PA.  Resume  to:  HR, 
Fourth  Technologies,  Inc.,  1108 
N.  Bethlehem  Pike,  Suite  8, 
Lower  Gwynedd,  PA  19002. 
Specify  location  desired  on 
resume. 


Programmer  Analysts 
(multiple  positions) 
sought  by  a  New 
Jersey-based  s/ware 
consulting  firm.  Must 
have  Bach  in  Comp 
Sci.,  Engg  or  equiv 
and  one  yr  relevant 
exp.  Respond  to:  HR 
Dept.,  AK  Systems, 
Inc.,  100  Metroplex 
Drive,  Suite  303, 
Edison,  NJ  08817. 


Programmer  Analyst  need¬ 
ed  w/exp  to  analyze, 
design,  develop,  test  & 
implement  interfaces  &  cus¬ 
tom  solutions  using  C, 
Pro*C,  PL/SQL,  Oracle 
Forms  &  Reports,  Oracle 
Clinical  &  Documentum  on 
Windows.  Send  resumes 
to:  Soft  Tech  Source  - 
Ramesh  Sarva  CPA,  PC. 
16  Murray  Guard  Dr., 
Jackson,  TN  38305. 


Information 
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Database  Developer 

Develop,  test  and  maintain  web- 
based  database  applications 
using  SQL  server  2000,  Access 
97/2000.  VB  6.0,  SQL. 
JavaScript.  NET,  C/C++  and 
Crystal  Reports  Req  Master's 
degree  in  Comp.  Sci.  or  closely 
related  field  8  proficiency  in 
SQL,  Net,  VB6  and  Crystal 
Report  40  hrs/wk  Send  resume 
/w  cover  letter  to  Cindy  Dyer, 
Global  Vision  Technologies.  Inc. 
900  Rutger,  St.  Louis,  MO 
63104  Fax:  (314)  436-9245. 
Ref.  Code:  mowz 


Tietronix  Software,  Inc. 

(Houston,  TX)  is  seeking  Soft¬ 
ware  Developer.  1  yr.  exp.  in 
using  UML,  J2EE.  Oracle, 
SQL  Server,  XML,  Bourne,  C 
Shell  Scripting,  Rational  Rose, 
Netbeans,  Visual  Cafe,  Quan¬ 
tify  &  Purify  on  Windows,  & 
Solaris.  Send  resume  to  1331 
Gemini  Ave.,  #300,  Houston, 
TX  77058,  Attn:  HR,  or  email 
to  info@tigtrpnix.com. 

ClickFind.  Inc.  (Bryan,  TX)  is 
seeking  Computer  Program¬ 
mer  for  medical  contract  re¬ 
search  industry.  1  yr.  related 
exp.  Send  resume  to  110 
North  Main  Street.  Bryan,  TX 
77803.  Attn:  Jennifer  Fox. 


Computer  Information  Supp¬ 
ort  Specialist:  wanted  by  trav¬ 
el  management  marketing 
firm  in  Miami,  FL.  Applicants 
must  investigate  computer 
software  and  hardware  prob¬ 
lems  of  users.  Applicant  must 
have  a  Bachelors  of  Science 
in  Computer  Engineering  and 
1  yr.  of  exp.  in  the  field.  Mail 
resumes  only  to  4950  SW 
72nd  Avenue,  2nd  Floor, 
Miami,  FL  33155.  Attention: 
Tammy  Gonzalez. 


Dynamic  Systems.  Inc. 
Programmer/Systems 
Analyst/Business  Analyst 
For  Lansdale,  PA  or 
North  Brunswick,  NJ 
I  nternet  Java,  JSP.EJ  B. Web¬ 
Sphere,  WebLogic.Perl/CGI.VB, 
ASP.C##,  ASP.NET  Or  VB.NET. 
Admin  AlX, HP-UX,  Solaris, Un¬ 
ix,  Oracle.  Sybase,  DB2,  Informix 
or  SQL  Server.  Skills:RDBMS, 
Unix,VC++.C,C++,AS/400,RPG, 
IBM  MF  Cobol.  DB2,Clintrial, 
Oracle  Clinical  Or  SAS. 
iob@dvnamicsvstems-inc.com 

525  Milltown  Rd,  #107,  N.  Brun¬ 
swick,  NJ  08902;  650  N  Cannon 
Ave,  Lansdale.  PA  19446. 
Phone:  732-246-2297;  Fax:732- 
246-3362 

www.dvnamicsvstems-inc.com 


VP,  Research  8  Development 
Lead  the  vision  8  technology 
innovation  effort  ind.  research  8 
development  of  new  products: 
product  development  support, 
budgeting/scheduling:  quality 
assurance  8  shipping;  specify 
engineering  requirements;  man¬ 
age  Research,  Development, 
Product  Mgmt.,  Quality  Ass¬ 
urance  8  Tech  Support  teams; 
spokesperson  for  tech  matters; 
prepare  reports  8  implement 
policies  communicated  by  the 
Board  8  Exec  Mgmt.  Req.  PhD 
in  Elec.  Eng  or  related  8  2  yrs 
exp.  in  job  or  2  yrs.  exp.  as  VP 
Engineering.  Resume  to  HR, 
Netuitive  12700  Sunrise  Valley 
Dr.,  Reston,  VA  20191.  No 
calls  please. 


TEES  Information  System 

(College  Station,  TX):  is  seek¬ 
ing  Systems  Analyst.  B.S.  in 
Computer  Science  with  3  mon. 
related  exp.  using  AppleScript, 
Appletalk,  and  MAC  OS  Send 
resume  to  3579  TAMU,  College 
Station,  TX  77843.  Attn: 
Catherine  Yancy. 

Pro-Tern,  Inc.  (League  City. 
TX)  is  seeking  Application 
Developer/Analyst.  1  yr.  exp.  in 
using  VB,  MFC,  Oracle,  data 
sampling,  embedded  coding, 
and  dosimetry  computation. 
Send  resume  to  2525  South 
Shore  Blvd.,  #401,  League 
City,  TX  77573.  email: 
human.resource@pti-sys.com. 
Attn:  Human  Resources. 


Programmer  (Roswell,  GA): 
Analyze,  dsgn,  test  8  maintain 
GUIs;  dvlp  Telephony,  Internet  8 
telecommunications  Database 
Systems  using  Visual  C++, 
Green  Leaf,  Dialogic  SDK.  etc. 
Req.  B.  Sc.  in  C.S.  or  its  foreign 
degree  equiv.  No  exp  req  but 
must  demo  ability  to  perform  job 
through  at  least  course/or  pro¬ 
ject  work  w/  Visual  C++  8  Green 
Leaf.  Resume  w/  transcript  to 
President,  New  Century 
Telecom  Inc.  8180  Greensboro 
Dr.  #700,  McLean,  VA  22102 


A  Fairfax,  VA  based  Company 
seeking  qualified  Programmers/ 
Analysts/Software  Engineers/IT 
Project  Managers  poss.  MS/BS 
or  equiv  and/or  relevant  work 
experience.  Duties  ind..  working 
with  at  least  3  of  the  following: 
Java,  Java  Servlets,  Oracle, 
Versata.  HTML,  XML,  Java 
Script,  Websphere,  Rational 
Rose,  PowerBuilder  FoxPro  and 
SQL  Server.  Send  res.  refs,  and 
sal.  req.  to:  Prescient  Infotech 
Inc.,  11130  Main  Street,  Suite 
100  El,  Fairfax.  VA  22030. 


Vayusa  Inc.,  a  pioneering 
mobile  payment  and  loyalty 
systems  developer,  seeks 
an  Information  Systems 
Director  to  lead  its  technolo¬ 
gy  development  and  strate¬ 
gy.  Must  have  MS  in  Comp. 
Sci.  or  related  field  &  3yrs 
exp.  To  apply  send  resume 
to;  Patrick  Binkley,  VP 
Engineering,  Vayusa  Inc., 
61  Chapel  St.  Newton,  MA 
02458. 


Technosol  Technologies,  LLC.,: 
Systems  Analysts:  Architect  8 
Test  Multi-Tier  Enterprise  Ap¬ 
plications  using  VB.NET,  XML, 
Web  Services,  PB,  C++,  UML. 
Rational  Rose,  J2EE,  Jaguar 
CTS  and  EAI  technologies 
using  database  in  Oracle, 
Sybase  and  SQL  Server.  Req. 
Degree  in  Comp.  Science  or 
related  field,  2  yrs  exp.  Send 
resume  to:  2606  Peninsulas  Dr. 
Missouri  City,  TX  77459  or 
email: 

technosol@technosoltech.com 


Multimedia  Web  Developer. 
Consults  w/  design,  technical, 
&  marketing  staff  to  plan  web 
site  dev.  Develops  graphic  & 
technical  architecture  of  web 
sites  including  database 
design  &  user  interface 
design.  Req  Bach.  in 
Advertising  or  Related  Field  & 
1  yr.  of  exp.  in  job  or  1  yr.  of 
exp.  as  a  Graphic  Designer/ 
Visualizer.  Send  Resume: 
Steven  Cohen,  Tempart,  Inc., 
412  SE  13th  St.,  Fort 
Lauderdale,  FL  33316  (job- 
site). 


Programmer  Analyst.  Design 
&  Develop  S/W  to  computer¬ 
ize  the  payroll  on  DOS,  Win 
95,  98  &  NT,  w/the  use  of 
PL/SQL,  ASP3.0,  SQL  Ser¬ 
ver  7.0,  HTML,  DHTML. 
Visual  Interdev,  Frontpage, 
VB,  Java  Script  &  VB  Script. 
Req:  BS  in  Comp.  Sci/Comp. 
Eng/Electrical  Eng.  40  hrs/ 
wk.  Job/Interview  Site:  Lake 
Havasu  City,  AZ.  Send 
Resume  to  Desert  Payroll 
Services  Inc.  @  P.O.  Box 
3058,  Lake  Havasu,  AZ 
86405-3058. 


Multiple  Positions;  8a-5p; 
40hrs/wk 

(A)  Programmer  Analyst: 
Analyze,  dvlp,  implmt,  prgm 
using  C,  C++,  Perl,  Oracle  DB2, 
UNIX  8  systms  analysis  8  dsgn 
method. 

(B)  Tech  Supp  Spec:  Analyze 
project;  assign  8  coord  work; 
review,  test  prgm  for  compatibili¬ 
ty;  perform  web  hosting;  trou¬ 
bleshoot,  debug  8  provide  tech 
support/updates  using  Java. 
J2EE.  EJB,  Perl,  Oracle, 
ObjectStore,  WebLogic,  UNIX. 

(C)  Technical  Supp  Spec: 
Analyze  project;  assign  8  coord 
work;  review,  test  prgm  for  com¬ 
patibility;  perform  web  hosting; 
troubleshoot,  debug  8  provide 
tech  support/updates  using 
Visual  Studio.NET,  ASP.NET, 
ADO.NET,  C  Sharp,  Visual 
Source  Safe,  Oracle,  Crystal 
Reports.NET 

Must  have  1  yr  exp  in  job  offd  or 
as  IT  professional  using  comp 
skills  listed  for  position  AND 
Bach  or  equiv  in  Comp 
Sci/Engg;  Electrical,  Electronics, 
Mech  or  related  Engg;  Info  Tech, 
Mgmt  Info  Systms,  Commerce, 
Bus  Admin/Mgmt  or  related  field. 
Send  resume  (indicating  job 
applying  for)  to  Concept  S  8  S, 
Inc.,  109  E.  17th  St.,  Ste  #12, 
Cheyenne,  WY  82001. 


Infogen  is  seeking  IT  profession¬ 
als  to  design  applications  for 
clients  using  Oracle9i,  Weblogic 
/  WebSphere,  C++,  Visual  C++, 
VB,  COM,  STL,  MTS,  MSMQ, 
ASP,  Java,  HTML,  XML,  MTS, 
MSMQ,  ADO.  UML.  Min  BS. 
travel  is  required.  Send  resume 
to  infoiobs@infoaeninc.com. 
EOE. 

Leapers,  a  fast  growing  interna¬ 
tional  trade  company,  looks  for 
System  Analyst,  DBA  to  design 
and  maintain  customer  manage¬ 
ment  system  (CMS),  warehouse 
management  system  (WMS), 
supply  chain  management  sys¬ 
tem  (SCM),  back  order/stage 
order  management  system 
(BKM).  BS  8  exp  required.  EOE. 


Senior  Engineer  (Portland,  OR): 
Develop  8  implement  introspec¬ 
tive  8  self-adaptive  hardware  8 
software  sys.  Design,  imple¬ 
ment,  8  evaluate  new  program 
representations.  Consult  w  / 
teams  8  clients  to  enhance  reli¬ 
ability,  scalability  8  performance 
of  advanced  computer  system. 
Supervise  project  team  8  engi¬ 
neers  to  devise  solutions.  Min. 
req's:  Ph.D.  in  Comp.  Sci.  or 
Elec.  Eng.  Plus  1  yr.  specialized 
experience.  Send  resume  to 
Melanie  Peters,  Business  Man¬ 
ager,  Reservoir  Labs,  Inc.,  632 
Broadway,  Suite  803,  New  York, 
NY  10012. 


Senior  Consultant 

(Glen  Mills,  PA  and  other  com¬ 
pany  +  client  locations  through¬ 
out  the  United  States)  Respon¬ 
sible  for  Merger  and  Acquisition 
(M8A)  integration  implementa¬ 
tion  in  the  High  Technology  and 
Consumer  Retail  Industries.  Re¬ 
sponsible  for  supply  chain  pro¬ 
cess  design  in  the  Manufactur¬ 
ing  Industry.  Responsible  for  the 
implementation  of  SAP  R/3  Vari¬ 
ant  Configuration  Responsible 
for  implementation  of  Oracle 
Financial  Suite.  Responsible  for 
design  of  web-based  Knowledge 
Management  tools  and  design 
and  implementation  utilizing 
Microsoft  Access  based  supply 
chain  tools. 

Salary:  $1 05,000/year.  Work 
schedule  is  M-F  9am-5pm.  Posi¬ 
tion  requires:  Bachelor's  degree 
or  equivalent  in  Computer  Sci¬ 
ence,  Math,  Business  Adminis¬ 
tration,  Engineering  or  Info  Sys¬ 
tems  plus  3  years  experience  in 
the  job  offered  in  related  occu¬ 
pation  of  Senior  Consultant, 
Consultant,  Associate.  Program¬ 
mer.  Analyst,  or  Management 
Analyst.  Experience  in  offered 
position  or  related  occupation 
must  include  at  least  2  years  of 
experience  with  SAP  R/3  Variant 
Configuration,  Oracle  Financial 
Suite,  Microsoft  Access,  and 
M8A  integration. 

Please  send  your  resume,  refer¬ 
encing  Job  Order  Number  WEB 
415770  to:  PA  CareerLink,  FLC 
Unit,  235  W.  Chelten  Ave., 
Philadelphia.  PA  19144.  EOE. 


Graphic  Designer.  Design  8 
edit  graphics  in  consultation 
w/production  personnel  based 
on  appearance,  design-func¬ 
tion  relationship,  budget,  price, 
costs  8  client  specification. 
Build  simulated  graphic  mod¬ 
els  using  Photoshop,  Illustra¬ 
tor,  8  Quark.  Req:  Bachelor  of 
Fine  Arts  in  Graphic  Design. 
40hrs/wk.  Job/Interview  Site: 
Laguna  Niguel,  CA  92677. 
Send  resume  to  Chapman 
Walters  Intercoastal  Corp.  @ 
P.O.  Box  7242,  Laguna  Niguel, 
CA  92607. 


System  Analyst.  Design,  devel¬ 
op,  test,  code,  implement  and 
maintain  computer  systems  and 
perform  programming  to  meet 
project  requirements  for  Risk 
Management  Department;  de¬ 
sign  and  develop  ETL  process  to 
upload  data  from  OLTP  system 
to  Star  Schema;  develop  inter¬ 
face  process  to  transfer  data 
between  Loan  Servicing  and 
FACS;  use  Oracle  7.x,  8.05,  SQL 
Server,  Crystal  Reports.  Require 
3-yr  college  8  2-yr  exp  as 
Programmer  or  IT  Consultant. 
Related  exp  must  include  using 
Oracle  7.x,  8.05,  SQL  Server, 
Crystal  Reports.  40hrs/wk.  8- 
5pm,  $72k/yr.  Send  resumes  to 
PO  Box  11170,  Detroit,  Ml 
48202,  reference  #  230072. 
Employer  paid  Ad. 


Software  Engineers  Consultants 
needed  for  database  program¬ 
ming,  Internet  programming  or 
Systems  side  programming 
Will  help  clients  design,  develop, 
program,  and  test  software  im¬ 
plemented  on  client  server  tech¬ 
nology.  The  main  technologies 
involved  are  databases  (Oracle), 
datawarehousing  tools  (Busin¬ 
ess  objects,  Informatica,  Cog- 
nos),  and  Internet  programming 
languages  (Java,  JDBC)  or  Sys¬ 
tem  programming  languages  (C 
and  C++).  Must  have  5  yrs  exp. 
as  software  engineer  or  in  a 
related  field. 

Unix  Administrators  Consultants 
also  needed  for  network  imple¬ 
mentation  and  administration, 
system  integration,  backup,  and 
recoveries,  shell  scripting  and 
system  securities.  Knowledge 
of  management  of  enterprise 
network  storages  devices  (SAN 
and  NAS),  HP  and  Solaris 
Serves,  Swithches,  HUBs  and  in 
Veritas  NebBackup  Systems  5 
yrs.  experience  as  Unix  Sys¬ 
tems  Administrator  or  related 
field. 

Rea,  for  both  positions:  Clients 
are  located  in  9  states.  Candi¬ 
dates  must  be  willing  to  move 
from  location  to  location  for 
assignment  durations  that  varies 
from  3  mos.  to  year.  Email  CV 
to  rtroff@tnscinc.com.  Rona 
Troff,  HR  Mgr  of  TechNation 
Software  Consulting,  Inc.,  or 
mail  to  300  N.  Dakota  Avenue, 
#505B,  Sioux  Falls.  SD  57104. 


DatamanUSA,  LLC,  a  Software 
Consulting  Co.  seeks  qualified 
IT  Professionals  for  dsgn, 
dvlpmt,  testing  8  implmtn  of 
s/ware  8  database  systms.  B.S. 
in  Comp  Sci,  Eng.,  a  related  field 
or  equiv  w/3  yrs.  exp.  Applicants 
must  be  willing  to  relocate/travel 
to  various  unanticipated  Iocs 
throughout  US.  Mail  resume  to 
Attn.  HR,  31 5A  West  Lincoln 
Way,  Ste  15,  Cheyenne,  WY 
82001  or  email  to 
jobs_wy@DatamanUSA.com. 


SurajSoft  Inc.  is  hir¬ 
ing  System  Admin 
Managers.  Send 
resume  to  304 
Town  and  Country 
Village  Sunnyvale 
CA 94086.  Maybe 
placed  at  client 
sites  nationwide. 


IT  Education  &  Training  Directory 


Contact  the  companies  listed  below 
to  help  you  with  your  training  needs! 


To  place  your  ad  please  call  800-762-2977 


IPexpert,  Inc. 

(866)  225-8064 

www.ipexpert.com 

CCIE  (R&S,  SEC,  and  C&S),  CCSP, 

CCNP,  CCNA,  IP  Telephony 


CBT  Nuggets 

(888)  507-6283  &  (541)  284-5522 
www.cbtnuggets.com 
Affordable  training  videos  on  CD 
MCSE,  MCDBA,  MCSD,  CCNA, 
Citrix,  Linux,  A+,  Net  + 
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Rebuilding  the  World’s 
Email  Infrastructure. 


IronPort  C-Series  Messaging  Gateway'”  Appliance 

Kill  the  crisis.  Build  the  future. 

Only  one  company  has  built  a  product  powerful  enough  to  manage  the  startling  growth  in 
email  volume — and  withstand  the  massive  flood  of  spam,  viruses  and  fraud  that  threaten 
your  email  communication  system.  To  learn  how  you  can  future-proof  your  email  with  the 
world’s  fastest  email  gateway,  visit  www.ironport.com/future  and  build  beyond  the  crisis. 


IRONPORT 

Powerful.  Reliable.  Secure. 


C  Copyright  2004  IronPort  Systems.  Inc.  All  rights  reserved. 


www.ironport.com 
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Forums  produces  educational  events 
.  and  executive  forums  worldwide. 

Events  and  Executive  Forums  including  our  one  day  Technology  Tours, 
customised  on-site  training,  and  executive  forums  such  as  DEMO®, 
DEMOmobite®.  and  VORTEX,  as  well  as  the  DEMOIetter  and  VORTEX 
Digest  newsletters.  For  complete  information  on  our  current  seminar 
offerings,  call  us  at  800-643-4668  or  go  to  www.nwfusion.com/events. 


Publicize  your  press  coverage  in 
Network  World  by  ordering  reprints  of 
your  editorial  mentions.  Reprints 
make  great  marketing  materials  and 
are  available  in  quantities  of  600  and 
up.  To  order,  contact  Reprint 
Management  Services  at  (717)  399- 
1900  x129  or  E-mail:  mshoben@reprintbuyer.com 
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Cambridge  campus,  away  from 
the  more  picturesque  parts  as  a 
temporary  structure  for  its  radia¬ 
tion  laboratory  MIT  expected  to 
vacate  the  building  after  the  con¬ 
clusion  of  World  War  II.The 
wooden,  asbestos-ridden  struc¬ 
ture  far  outlasted  its  life  expect¬ 
ancy  But  it  couldn’t  last  forever. 

MIT  tore  down  Building  20  in 
1999,  and  in  its  place  stands  a 
brand-new,  entirely  different 
structure  flooded  with  natural 
light,  gleaming  metal  surfaces 
and  a  form  that  screams  “look  at 
me”  to  passersbyThe  new  $300 
million  building  —  which  was 
formally  dedicated  last  week  — 
is  home  to  MIT’s  Computer 
Science  and  Artificial  Intelli¬ 
gence  Laboratory  (CSAIL).Its 
designer  is  renowned  architect 
Frank  Gehry  whose  other  work 
includes  the  titanium-clad  Gug¬ 
genheim  Museum  in  Bilbao, 
Spain,  and  the  spectacularly 
expressive  Rasin  office  tower  in 
Prague,  nicknamed  “Fred  and 
Ginger”  for  its  two  entwined 
pieces  —  one  a  flared  glass-and- 
steel  tower,  the  other  a  more 
solid  concrete  cylinder. 

Gehry’s  team  had  its  work  cut 
out  for  it  in  designing  a  new 
complex  on  the  Building  20  site. 
Many  MIT  researchers  didn’t 
want  the  old  structure  razed. 
They  revered  Building  20,  not  for 
its  architecture  but  for  the  ideas 
conceived  in  its  laboratories  and 
offices. 

The  first  Building  20  occupants 
perfected  radar  systems  critical 
to  the  Allied  forces  victory  in 
World  War  II.  Later  Amar  Bose  — 
of  speaker  maker  Bose  —  is 
rumored  to  have  surreptitiously 
tested  his  speaker  designs  in  the 
buildings  anechoic  chamber. 


\  I  / 


Vi  THIS  WEEK’S  QUESTION: 

Which  company  was 
created  through  the  1997 
merger  of  McAfee  and 
Network  General? 

Stumped?  Get  the  answer  online. 

Visit  Network  World  Fusion  and  enter 
2349  in  the  Search  box. 


Building  20,  with  its  small,  closed 
offices,  encouraged  researchers 
to  hole  up  in  solitude,  whereas 
the  Stata  Center  strives  to  create 
intimacy  and  interaction,  he  said. 

At  least  one  researcher  says 
the  plan  is  working  —  seeing 
activity  through  the  glass  walls 
of  his  team’s  lab  pulls  him 
inside,  says  Anant  Agarwal.“I 
come  into  the  lab  a  lot  more 
often  than  before,”  he  says. 
Agarwal  is  working  on  a  1,020- 
node  microphone  array,  pow¬ 
ered  by  a  tiled  parallel-processor 
architecture,  that  can  separate 
the  voice  of  one  speaker  from 
among  thousands  of  voices. 

Erik  Demaine  likes  the  irregu¬ 
larly  shaped  offices.  One  might 
expect  this  MIT  professor  to, 
because  his  research  is  in  com¬ 
putational  origami. 

“I  like  the  far-out  crazy  geome¬ 
tries,”  says  Demaine,  who  is 
studying  the  mathematic  and 
algorithmic  aspects  of  paper 
folding.  It’s  a  research  area  that 
could  seem  a  bit  frivolous,  on 
the  surface.  But  Demaine  is  pur¬ 
suing  unexpectedly  practical 
uses  for  the  technology,  such  as 
designing  safer  airbags. 

For  professors  Seth  Teller  and 
Jon  Leonard,  the  buildings  com¬ 
plexity  provides  a  great  opportu¬ 
nity  to  test  their  robots.The  pair 
is  working  on  autonomous  robot 
navigation  and  mapping  —  their 
robots  are  programmed  to  ex¬ 
plore  an  unknown  area,  build  a 
model  of  the  environment  as 
they  go  along  and  then  use  that 
model  to  determine  location. 
Stata  Center  with  its  maze  of  cor¬ 
ridors  seems  a  perfect  testing 
habitat  for  this  team.  ■ 
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MIT's  new  Stata  Center  is  outfitted 
with  a  wireless-enabled  locator 
system  for  navigating  its  convolut¬ 
ed  halls.  Light-filled  common  areas 
—  some  with  networked  worksta¬ 
tions  available  to  occupants  - 
bear  no  resemblance  to  the  build¬ 
ing's  barracks-like  predecessor. 
But  the  research  being  conducted 
inside  Stata  Center  continues  with 
tradition:  Current  MIT  researchers 
are  refining  a  1,020-node  micro¬ 
phone  array  (below)  that  can 
single  out  one  voice  among  thou¬ 
sands  of  speakers,  for  example. 


More  recently  Building  20  resi¬ 
dents  conceived  ideas  that 
evolved  into  companies  such  as 
encryption  specialist  RSA  Secur¬ 
ity  and  content  services  provider 
Akamai  Technologies. 

“There  was  a  lot  of  love  for  a 
building  called  Building  20,” 
Gehry  said  last  week  at  a  dedica¬ 
tion  event. 

But  MIT  leaders  made  the  deci¬ 
sion  to  retire  Building  20  to  make 
way  for  a  larger,  more  modern 
facility  that  could  accommodate 
CSAIL  along  with  the  university’s 
Laboratory  for  Information  and 
Decision  Systems  and  its  Depart¬ 
ment  of  Linguistics  and  Philoso¬ 
phy  The  new  building  houses  lin¬ 
guists  and  speech-recognition 
specialists  alongside  scientists 
devising  tools  for  image-guided 
surgery  and  those  building 
portable  devices  that  understand 
human  gestures. 

Its  formal  name  is  the  Ray  and 
Maria  Stata  Center  (Ray  Stata  is 
an  MIT  graduate  and  co-founder 
of  semiconductor  maker  Analog 
Devices).  It’s  730,000  square  feet 
—  more  than  three  times  the 
area  of  Building  20.  Running 
throughout  Stata  Center  is  a  10G 
bit/sec  optical  Ethernet  back¬ 
bone  with  1G  bit/sec  Ethernet 


who  heads  Gehry  Technologies, 
a  newly  formed  spinoff  of 
Gehry’s  design  firm.  While  other 
clients  have  been  skeptical  of  the 
lack  of  physical  construction 
documents,  at  MIT  the  response 
was, “Well  of  course,  how  else 
would  you  do  it?”Glymph  said. 

Collocation  by  design 

From  the  outside,  Stata  Center 
looks  like  a  dozen  buildings 
squeezed  together  by  the  hand 
of  a  giant.  Brick,  stainless  steel 
and  painted  white  aluminum 
facades  run  into  each  other  and 
create  a  series  of  irregular  protru¬ 
sions.  Within  the  curves  and 
angles  are  labs,  offices  and  lec¬ 
ture  halls.There’s  even  a  mirrored 
cylindrical  volume  called  the 
“nose”  that  houses  a  robotics  lab. 

Inside  the  building,  the  archi¬ 
tects  tried  to  replicate  some  of 
the  messy  atmosphere  of 
Building  20  by  specifying  plain 
concrete  floors  and  simple  ply¬ 
wood  dividers  between  worksta¬ 
tions.  Gehry  wanted  users  to  feel 
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comfortable  tearing  down  or 
punching  holes  through  interior 
walls;  the  finishes  are  not  intend¬ 
ed  to  be  “precious,”  Gehry  said. 

The  Stata  Center  layout  is 
designed  to  encourage  collabora¬ 
tion  among  researchers  of  differ¬ 
ent  disciplines. Virtually  none  of 
the  corridors  are  straight;  tucked 
in  the  angles  are  countless  open 
areas  which  can  be  used  as  infor¬ 
mal  meeting  spaces.There  are 
also  multiple  cafes,  a  gym  and 
day-care  center. 

“The  need  was  for  something 
that  would  attract  collisions  of 
people  by  accident,”  Gehry  said. 


■  Network  World,  118  Turnpike  Road, 
Southborough,  MA  01772-9108,  (508)  460-3333. 


service  to  1 ,000  desktops;  Cisco 
Catalyst  6500  switches  anchor 
the  network. 

Befitting  its  techie  residents, 
Stata  Center  was  built  using  digi¬ 
tal  replacements  for  tape  mea¬ 
sures.  Instead  of  rolls  of  two- 
dimensional  drawings,  thou¬ 
sands  of  laser  points  projected 
from  land-surveying  gear  told 
contractors  where  to  cut  and 
where  to  build, said  Jim  Glymph, 
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NetworkWorld 

Network  World  is  the  Exclusive  Medio 
Sponsor  of  iLobs-a  live  test  bed  designed  to 

give  NetWorld+Interop  attendees  hands-on,  unbiased  insight  into 
the  state  of  emerging  technologies.  Stop  by  the  iLabs  booth  on 
the  show  floor  for  an  up-close,  personal  experience  with  these 
new  technologies: 

■  Interoperability  of  SIP-based  Voice-over-IP  products 

■  Wired  and  Wireless  LAN  Access  Security 

■  Advanced  Internetworking  using  MPLS 


Network  World 
Testing  Track  FREE 
to  all  N+l  registered 

attendees-three  interac¬ 
tive  conference  sessions 
presented  by  Network  World 
Lab  Alliance  members  who 


Testing  10GBE  Gear 

David  Newman,  Network  Test 

With  10G  Ethernet  moving  out 
of  the  early  adopter  stage  and 
into  the  mainstream,  it's  time 
for  network  managers  to  take 
a  good  look  at  the  new  tech¬ 
nology.  This  session  presents 
results  of  the  most  extensive  tests  yet  conducted  on 
10G  Ethernet  switch/routers  and  printed  in  Network 
World.  The  session  also  explores  why  latency,  jitter, 
and  packet  loss  have  a  much  more  significant  impact 
at  10G  rates  than  with  earlier  versions  of  Ethernet. 

Tuesday,  May  1 1 ,  2004 

2:00  pm  -  3:00  pm  ♦  ROOM  N1 15 


will  discuss  test  methodology, 
offer  advice  on  testing  process 
pitfalls  and  explore  which 
products  you  should  include 
in  your  testing  short  list. 

Also  be  sure  to  visit  the 
Collaboration  and  VoIP 


Testing  SSL  VPN  Products 

Joel  Snyder,  Opus  One 


The  SSL  VPN  product  niche  is 
so  new,  in  fact,  that  there  is  not 
even  market  agreement  on  what 
products  based  on  this  technolo¬ 
gy  should  comprise.  In  the  recent 
Network  World  SSL  VPN  tests, 
Snyder  tested  both  the  features  and  functionality  of 
many  of  the  disparate  products  on  the  market  today 
to  help  sort  out  what  products  are  feasible  for  use  in 
an  enterprise  network. 


Theater  presentations  at 
Booth  127  in  the  Exhibit  hall. 


In  this  session  Snyder  will  present  his  methodology 
for  evaluating  SSL  VPNs,  and  give  examples  of  how 
Network  World  ranked  industry-leading  products 
according  to  this  methodology.  Attendees  will  also 
learn  about  criteria  they  can  use  to  hone  in  on  which 
SSL  VPN  products  to  bring  into  their  own  test  labs 
for  consideration. 

Wednesday,  May  12,  2004 
2:00  pm  -  3:00  pm  ♦  ROOM  N1 15 
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Testing  IDS  and  IPS  with  Open 
Source  Tools 

Rodney  Thayer,  Independent  Security  Consultant 


E  Intrusion  detection  and  intrusion 
prevention  technology,  whether 
in  standalone  devices  or 
integrated  into  other  network 
infrastructure  gear,  are  valuable 
resources  for  today's  network 
manager.  However,  like  other  safety  devices — like 
smoke  detectors,  fire  extinguishers,  or  watchdogs — 
they  should  be  tested  periodically  to  confirm  they 
are  in  fact  operating  as  they  should.  In  this  presenta¬ 
tion,  Thayer  will  discuss  how  to  use  open  source, 
readily  available  tools  to  construct  a  test  bed  that 
can  be  used  to  scientifically  exercise  and  measure, 
in  a  reproducible  and  comparable  manner,  IDS  and 
IPS  systems. 


Thursday,  May  13,  2004 

2:00  pm  -  3:00  pm  ♦  ROOM  Nil 5 


Collaboration  and  VoIP  Theater 
Presentations 

Christine  Perey,  Perey  Research  and 
Consulting  Services 

Hear  the  latest  about  existing 
and  emerging  collaboration 
technologies — VoIP  hardware 
and  software,  streaming  media 
delivery  tools,  videoconferencing 
technologies,  portal  software, 
instant  messaging,  and  collaboration  suites.  Christine 
Perey,  Network  World  Lab  Alliance  member,  will 
moderate  discussions  on  all  these  topics. 

Tuesday  -  Thursday 
May  11  -  13,  2004 
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Protocol-level  protection 


NetQoS’  ReporterAnalyzer  6  includes  virus  scanning  designed  to  help 
spot  anomalous  activity  across  enterprise  networks. 
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ReporterAnalyzer  6 
reports  on  network  traffic 
to  determine  the  cause  of 
network  or  application 
slowdowns. 
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In  this  example  the  software  uses  real-time  reporting 
to  identify  the  SQL  Slammer  worm  on  the  network. 

Network  managers  can  run  the  Virus  Scan  Wizard, 
which  will  identify  infected  hosts  and  network  devices. 
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Management 

continued  from  page  1 

Sasser  worm  congested  networks  around 
the  world,  the  timing  of  the  product  intro¬ 
ductions  couldn't  be  better  (see  story  page 
11). 

“We’re  looking  for  easier,  less  manual  and 
less  tedious  ways  to  distribute  patches  to 
workstations  and  servers,”  says  Larry'  Sikon, 
CIO  at  Thomas  Weisel  Partners,  a  banking 
and  brokerage  firm  in  San  Francisco. 
"  [Patch  management]  tools  in  the  past 
have  had  a  degree  of  complexity  I  am  not 
comfortable  with  at  my  organization.” 

“Management  vendors  are  getting  into 
security  by  spotting  traffic  patterns  and 
packet  characteristics  that  could  be  in¬ 
dicative  of  an  internal  or  external  attack,” 
says  Glenn  O’Donnell,  program  director  at 
Meta  Group. 

Among  companies  looking  to  impress 
N+I  attendees  is  newcomer  Autonomic 
Software.  The  company  plans  to  introduce 
its  Autonomic  Network  System  and  Admin¬ 
istration  (ANSA)  software,  which  is  de¬ 
signed  to  automate  distribution  of  patches 
across  servers  and  desktops.  Company 
executives  say  Autonomic  will  compete 
with  Symantec,  which  recently  announced 


its  plans  to  add  systems  and  patch  man¬ 
agement  to  its  security  products. 

Sikon  is  evaluating  the  Autonomic  prod¬ 
uct  and  says  it  could  eliminate  the  manual 
server  and  desktop  visits  his  staff  of  40  per¬ 
form  when  patching  systems. 

The  software  combines  asset  inventory 
and  discovery  tools  with  up-to-date  vulner¬ 
ability  and  virus  data  to  ensure  systems  are 
patched  before  a  breach  in  security  ANSA 
performs  an  initial  automated  discovery  of 
IT  assets  and  then  begins  scanning  net¬ 
works  for  potential  vulnerabilities.  When 
open  router  ports  or  unpatched  servers  are 
found,  the  software  uses  pre-defined  poli¬ 
cies  to  deliver  patches,  lock  down  ports 
and  quarantine  servers.  The  software  also 
tracks  application  versions,  licenses  and 
usage  on  server  and  desktops. 

Autonomic  hosts  a  data  repository  which 
is  kept  up  to  date  with  vulnerability  and 
patch  data.  Customers  install  centralized 
software  on  a  dedicated  Windows  server 
and  are  connected  to  the  repository  which 
sends  updates  over  the  Internet  via  XML  in¬ 
terfaces  and  Web  services. 

Pricing  for  ANSA  starts  at  $35  per  agent 
for  up  to  100  agents  and  $13.50  per  agent 
for  more  than  2,500. 

NetQoS  also  will  use  N+I  to  strut  its  secu¬ 


rity  stuff.  The  company  is  expected  to  pre¬ 
view  additions  to  Version  6.0  of  its  flagship 
ReporterAnalyzer  software  that  enable  vul¬ 
nerability  scans  across  a  network.The  com¬ 
pany’s  performance  management  soft¬ 
ware,  which  comes  packaged  on  a  Dell  or 
HP  box,  now  can  perform  vulnerability 
scans  across  network  traffic.  The  new  Virus 
Scan  Wizard  can  isolate  infected  devices 
based  on  traffic  thresholds  for  a  specific 
port  and  capture  real-time  traps  of  the 
events  leading  up  to  the  problem  so  that 
the  data  can  be  analyzed. 

NetQoS  uses  a  data  collector  that  sits  near 
core  network  routers,  a  data  interpreter  that 
is  connected  to  a  hub  router  and  server 
reporting  software.  The  collectors  passively 
monitor  Cisco  NetFlow  traffic,  compress  the 
data  and  send  it  to  the  interpreter,  which 
sorts  it  out  for  network  administrators  using 
a  Web  browser-based  console.  The  upgrad¬ 
ed  software  costs  $50,000. 

Also  at  the  show,  Solsoft  will  demonstrate 
Version  6.0  of  its  Fblicy  Server  software  for 
tracking  events  across  firewalls,  routers, 
switches  and  VPN  gear.  The  upgraded  edi¬ 
tion  features  a  new  reporting  tool  that  can 
be  used  to  extract  audit  and  change  history 
information  from  a  centralized  repository 
of  security  policies.  For  example,  if  a  worm 
that  uses  a  certain  port  strikes  a  company  a 
network  manager  can  use  Policy  Server  to 
quickly  determine  which  servers  allow  traf¬ 
fic  on  that  port  and  lock  them  down,  the 
company  says.  Another  new  feature  en¬ 
ables  network  managers  to  automatically 
provision  multiple  fully  meshed  and  hub- 
and-spoke  IPSec  VPN  tunnels. Version  6.0  is 
scheduled  to  ship  in  the  third  quarter 
priced  starting  at  $15,000. 

Separately  NetlQ  next  week  plans  to  un¬ 
veil  two  upgraded  products:  Security  Man¬ 
ager  5.0  and  Vulnerability  Manager  5.0.The 
vendor  is  adding  integration 
between  its  security  and 
application  management 


products,  and  has  partnered  with  Tru- 
Secure  and  Shavlik  Technologies  to  pro¬ 
vide  vulnerability  intelligence  and  patch 
management  capabilities  to  its  products. 

Security  Manager  5.0  collects  security 
events  from  multiple  points  on  customer 
networks,  then  filters,  correlates  and  nor¬ 
malizes  the  events  to  alert  IT  staffs  about 
the  source  of  any  threats.  Vulnerability 
Manager  5.0  scans  networks  for  known 
problems  and  now  works  with  technology 
from  Shavlik  to  distribute  patches. 

Pricing  for  each  product  ranges  from 
$1,500  to  $2,000  per  server. 

In  addition  to  helping  firms  safeguard 
their  networks  against  attacks,  vendors  at 
N+I  will  focus  on  application  performance. 

Start-up  Optimum  uses  distributed  appli¬ 
ances  and  technology-specific  software 
modules  that  collect  and  deliver  perfor¬ 
mance  metrics  to  a  centralized  server  to 
optimize  the  performance  of  voice,  audio 
and  video  applications  over  IP  public 
switched  telephone  network  and  wireless 
networks.The  system  monitors  applications 
for  packet  loss,  jitter  and  overall  quality 

Enterprise  pricing  for  the  company’s 
Concerto  offering  starts  at  $48,000  and 
varies  depending  on  network  configura¬ 
tion  and  software  modules  purchased. 

Separately  Entuity  will  unveil  Eye  of  the 
Storm  3.5,  which  now  includes  a  reporting 
engine  that  taps  into  the  product’s  histori¬ 
cal  database  and  lets  network  managers 
query  data  and  then  create  reports  based 
on  multiple  metrics. 

Eye  of  the  Storm  resides  on  a  centralized 
server  and  uses  a  combination  of  automat¬ 
ed  discovery  event  traps  and  polling  algo¬ 
rithms  to  extract  data  from  network,  system 
and  application  sources. 

Also  new  in  Version  3.5  is  configuration 
support  for  Service  Assurance  Agent 
probes  built  into  Cisco 
devices.  Version  3.5,  starts  at 
$50,000.B 


Get  more  information  online. 
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One  event  puts  you  at  the  core  of  enterprise  networking. 


Enterprise  networking  decision-makers  today  must  understand  all 
relevant  communication  technologies,  from  virtual  private  networks 
to  wireless  LANs,  storage  to  security,  applications  to  infrastructure. 

That's  why  SUPERCOMM  remains  the  premier  event  for  private 
and  public  sector  enterprise  leaders. 

Enterprise@SUPERCOMM  features  leading 
exhibitors  showing  a  vast  array  of  enterprise 
technologies.  It  also  includes  a  FREE  educational 
curriculum,  covering  key  enterprise  topics.  Explore  the  Whole  World  of  Communications 


SUPERCOMM 


And,  since  enterprise  decisions  encompass  the  total  range  of 
communication  technologies,  we  further  provide  a  window  into  Broadband, 
Converged  Wireless  and  the  entire  Global  Infrastructure.  As  a  result,  in  a  few 
days  or  even  hours,  you  can  get  a  comprehensive  view  of  interrelated 

trends  in  every  area  of  communications. 
Join  the  enterprise  network  leaders  who 
make  SUPERCOMM  a  must-attend  event. 
Take  advantage  of  FREE  registration  and 
surround  yourself  with  solutions. 


June  20  -  24  2004  Exhibits  June  22  -  24  McCormick  Place  Chicago  IL  supercomm2004.com 


SUPERCOMM*  is  a  registered  trademark  of  the  Telecommunications  Industry  Association  (TIA)  and  the  United  States  Telecom  Association  (USTA) 
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The  fall  of  the 

I  hear  far  too  many  stories  about 
non-IT  folks  who  simply  don’t 
“get  it”  when  it  comes  to  their 
PCs.  What  these  people  don’t  get  is 
that,  whether  they  like  it  or  not,  they 
are  responsible  for  how  they  use  cor¬ 
porate  IT  resources,  which  includes 
how  they  accidentally  abuse  them. 

These  willful  people  need  a  name  we  can  identify 
them  by  . . .  how  about  “itiots”? 

It  seems  that  these  itiots  are  as  common  today  as 
they  ever  were  and  in  many  organizations  the  rot 
starts  at  the  top.  How  many  stories  have  you  heard  of 
CXOs  who  can’t  use  e-mail? 

And  how  many  itiots  come  to  you  with  IT  prob¬ 
lems  they  want  solved  but  don’t  really  want  to 
know  or  care  what’s  wrong  —  they  just  want  it 
fixed  and  fixed  now!  These  are  the  same  people 
who  frequently  moan  “Why  can’t  it  do  X?”but  don’t 
actually  want  to  know  the  reason  or  how  to  get 
around  the  problem  —  they  just  want  to  complain. 

Now,  handling  data  and  turning  it  into  actionable 
information  —  arguably  the  one  and  only  goal  for 
all  business  computing  —  is  an  extraordinarily  com¬ 
plex  process  and  demands  skilled,  intelligent  users 
who  know  what  they’re  doing  and  why 
But  most  of  these  itiots  expect  their  computers  will 
behave  like  their  cars  —  they  expect  to  get  in,  turn 


the  key  and  have  it  go  without  them  having  to  think. 

Unfortunately  computers  are  not  simplest  least 
not  yet.  Many  of  you  will  argue  this  is  the  way  com¬ 
puters  really  should  be.  I  agree.  And  everyone  should 
have  a  million  dollars  and  a  yacht. 

The  problem  is  that  wishing  doesn’t  change  reality 
and  no  amount  of  hand  waving  by  industry  luminar¬ 
ies  promising  pen-based  machines  with  voice  recog¬ 
nition  and  intelligent  software  can  change  the  fact 
that  this  vision  is  decades  away  We’re  stuck  with 
what  we  have  to  work  with  now. 

It  is  inexcusable  in  this  day  and  age  for  skilled 
employees  to  not  know  how  to  drive  a  computer  at 
a  more-proficient  level  than,  say  an  8  year  old. 

After  all,  if  their  job  included  running  a  sophisti¬ 
cated  photocopier  we  could  quite  reasonably 
expect  them  to  know  how  to  make  reductions  and 
enlargements,  use  duplexing, stapling  and  so  on. 

What  I  propose  is  that  your  organization  adopt  a 
Total  Computing  Initiative  —  that  it  become  a  busi¬ 
ness  that  not  only  uses  IT  but  actually  embodies  it 
from  top  to  bottom.  No  employee,  including  the 
CEO,  left  behind! 

A  Total  Computing  Initiative  should  ensure  that 
employees  understand  the  what  and  why  of  busi¬ 
ness  computing  and  how  to  fix  common  problems. 
Staffers  should  have  significant  insight  into  how 
computers  work  and  how  computers  support  and 


enhance  business  process. 

If  their  PCs  get  messed  up,  it  shouldn’t  be  a  com¬ 
plete  mystery  to  them. They  should  have  a  clue  and 
know  how  to  get  their  machines  fixed.  Should  they 
know  how  to  manipulate  registry  settings?  No.  Should 
they  know  what  defragging  a  disk  means?  Yes. Should 
they  be  capable  of  writing  applications?  No.  Should 
they  be  able  to  create  macros  in  Word?  Yes. 

It  has  occurred  to  me  that  it  might  be  possible 
to  assign  a  PC  to  each  employee  and  make  him 
responsible  for  its  care  and  feeding. 

The  employee’s  review  should  reflect  his  ability 
to  ensure  the  PC’s  uptime  and  ability  to  do  the 
job  assigned  to  it. 

One  of  the  benefits  of  a  Total  Computing  Initiative 
would  be  the  organization’s  network  wouldn’t  create 
the  adversarial  situations  that  so  often  isolate  the  IT 
staff  from  everyone  else. 

Better  still,  problems  that  affect  the  organization’s 
infrastructure  would  be  identified  quickly  because 
of  the  increased  number  of  users  paying  attention. 
Along  with  that,  more  business  information  would 
start  to  flow  because  everyone  would  be  intimately 
involved  in  computers  and  communications. 

So,  say  goodbye  to  your  itiots  and  hello  to  a  Total 
Computing  Initiative. 

Please ,  no  itiots  writing  to  backspin@gibbs.com. 


Stupid  users,  dastardly  bugs 
and  the  success  or  failure  of  your  company  riding  on  your  network,  aka,  your 
shoulders.  No  sweat,  right? 

Not  quite. The  stress  has  got  to  manifest  itself  somehow,  and  for  some  it's  a 
nightmare.  Infotrope. net's  got  a  list  from  those  who  have  fessed  up,  such  as 
the  woman  who  dreams  in  HTML,  the  guy  who  dreams  he  uses  SNMP  to 
manipulate  everything  or  the  poor  soul  stuck  in  a  binary  tree. 

We  know  there’s  more  good  ones  out  there;  therefore,  we  propose  a  contest. 
Send  your  worst  IT  nightmare  to  Iayer8@nww.com  by  the  end  of  the  day  May 
14,  and  the  “best”  one  will  win  a  D-Link  802. 11b+ Wireless  Access  Point. 

www.nwfusion.com,  DocFinder:  1957 

Gaga  over  Google 

You  would  think  Google  was  the  first  tech  company  to  ever  file  an  IPO. 

The  long-awaited  action  from  those  IPO  teases  drew  a  900%  increase  in  traf¬ 
fic  to  the  Securities  and  Exchange  Committee  Web  site.  Between  2:30  and  3:30 
p.m.  April  29,  the  day  of  the  filing  announcement,  it  took  as  long  as  45  seconds 
to  download  sec.gov,  as  opposed  to  the  normal  4  seconds  on  a  typical  day 
when  no  one  cares  about  the  site. 

According  to  measurement  stats  from  Web  site  performance  benchmarking 
company  Keynote,  during  that  60-minute  period,  your  chances  of  successfully 
downloading  the  SEC  home  page  dropped  to  as  low  as  20%,  as  opposed  to  the 
normal  100%  when  your  download  is  accompanied  by  chirping  crickets. 

DocFinder:  1958 

Pump  up  that  PC 

“The  Fast  andThe  Furious"  scene  is  coming  to  the  PC  set,  as  people  are 
pumping  up  their  processors  and  prettying  up  those  dull  beige  cases. 


The  beautification  trend,  known  as  modding,  offers  enough  illuminated  fan  grills, 
fluorescent  cables  and  acrylic  cases  to  turn  any  box  into  a  small  Las  Vegas  Strip. 

According  to  the  BBC,  modding  emerged  from  LAN  parties  as  a  form  of 
“psychological  combat." 

Companies  such  as  Sharkoon  offer  glow-in-the-dark/luminescent  everything, 
while  Cooler  Master  sells  PC  dashboards  —  what  they  call  Function  Panels  — 
that  display  "fan  voltage,  the  audio  sound  pressure  and  the  temperature  of  the 
thermal  sensor.” 

DocFinder:  1959 

The  latest  NYC  tourist  attraction 

If  you  see  men  dressed  like  Pac-Man  characters  chasing  each  other  around 
Washington  Square  Park  in  New  York,  don't  be  alarmed  —  it’s  just  graduate 
studies. 

According  to  Pac-Manhattan  organizers,  this  “analog  version"  of  the  classic 
video  game  is  part  of  New  York  University's  Interactive  Telecommunications 
graduate  program,  designed  to  “explore  what  happens  when  games  are 
removed  from  their  ‘little  world’  of  tabletops,  televisions  and  computers,  and 
placed  in  the  larger  ‘real  world'  of  street  corners  and  cities." 

Pac-Man  chases  four  ghosts  around  the  NYU  area,  guided  by  five  people  ("con¬ 
trollers")  running  the  game  and  directing  his  movement  via  a  cell  phone.  Organi¬ 
zers  will  use  Wi-Fi  and  special  software  to  simulcast  the  game  online  so  nerds 
not  sitting  in  Washington  Square  Park  can  watch.  Schedules  posted  on  http://pac 
manhattan.com/  offer  a  glimpse  of  upcoming  games  you  can  watch  live  or  online. 

DocFinder:  1960 

Shaw  is  chief  cook  and  bottle  washer  of  Layer  8,  your  online  rumpus  room  featuring 
the  best  of  Network  World  Fusion  and  the  not-just-networking  news.  She  can  be  reached 
at  layer8@nww.com.  Shaw  and  colleague  Adam  Gaffin  are  sharing  chair-warming 
duties  until  'Net  Buzz  overlord  Paul  McNamara  returns  from  medical  leave. 
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NetVanta  1224STR 
The  functionality  of  five 
devices  for  the  price  of  one. 


J 


Introducing  the  NetVanta  1 224STR  from  ADTRAN'. 


Dare  to  Compare! 

NetVanta 

1224STR 

Managed,  24-Port 

Layer  2  Switch 

✓ 

Gigabit  Ethernet  Uplinks 

✓ 

IP  Access  Router 

✓ 

Stateful  Inspection  Firewall 

✓ 

DSU/CSU 

✓ 

QoS 

✓ 

VLAN  trunking 

✓ 

Command  Line  Interface  (CLI) 

✓ 

Intuitive  Web  GUI 

✓ 

ADTRAN  OS 

✓ 

Optional  Virtual  Private 
Networking 

✓ 

Optional  Dial  Backup 

✓ 

Optional  PBX  Connectivity 

✓ 

Unlimited  Telephone 

Technical  Support 

✓ 

Free  Firmware  Updates 

✓ 

5-Year  Warranty 

✓ 

Lower  the  cost  of  enterprise  connectivity  with  the  powerful  new 
NetVanta  1224STR.  This  full-function  WAN/LAN  access  platform 
does  the  work  of five  devices  for  the  price  of  one.  Suitable  for  networks 
of  any  size,  the  NetVanta  1224STR  offers  everything  you  need  to  bring 
a  branch  office  or  remote  location  online,  including  managed  Layer  2 
Ethernet  switching,  full-featured  IP  routing,  firewall  protection,  VPN, 
and  WAN  termination — all  in  a  compact  1U  chassis.  It  is  QoS,  VLAN, 
and  Gigabit  Ethernet  capable,  and  offers  affordable  dial  backup  and 
voice  options.  ADTRAN ’s  new  NetVanta  1000  Series  of  Layer  2  Ethernet 
switches  is  backed  by  a  1 00%  satisfaction  guarantee,  including  unlimited 
technical  support,  free  firm  ware  upgrades,  and  a  5-year  warranty. 


Available  at  a  price  point  well  below  competing 
multi-box  solutions,  the  NetVanta  1224STR 
will  change  the  way  you  connect  remote  locations. 


Test  drive  a  NetVanta  1224STR  today! 
Win  a  free  baseball  cap! 


www.  a  dtran.com/in  fo/ cools  witch 


877.591.3055  Technical  Questions 
877.280.8416  Where  to  Buy 


The  NetVanta  Series 


NetVanta  1000  Series 
Managed  Layer  2  Ethernet  Switches 


NetVanta  2000  Series 
Firewalls/VPN 


NetVanta  3000  Series 
IP  Routers 


The  Network  Access  Company 


AdIrati 


Copyright©2004  ADTRAN,  Inc.  All  rights  reserved.  ADTRAN  and  NetVanta  are  registered  trademarks  of  ADTRAN,  Inc.  EN70A042604NW 


;;aST-CUTTING  SOLUTIONS  FOR 
THE  MOST  CHALLENGING  NETWORKS. 


THERE  ARE  MULTIPLE  reasons  to  choose  WilTel’s  MPLS-enabled  IP  network:  Our  10  Gbps  backbone.  OC-192  transport.  Over 
12,000  access  points  nationwide.  Zero  outages  during  9/1 1  and  the  2003  blackout.  A  #1  customer  satisfaction  rating  by  Atlantic-ACM 
for  the  third  year  running.  From  dedicated  Internet  access  to  multipoint 
virtual  private  networks,  WilTel  delivers  efficient  and  elegant  IP  solutions  for 
top  enterprises  and  carriers  worldwide.  With  the  next-gen  genius  required  to 
consistently  beat  standard  service  level  agreements  and  consistently  outperform 
all  other  networks.  Multiply  speed,  performance  and  flexibility,  with  WilTel. 


COMMUNICATIONS 

Net  Results .  Not  Excuses: 


www.  wilt  el.  com 

Call  1.866.WilTel.2 


O  2004  WilTel  Communication * 


